Privacy Impact Assessment
Web Total Cost Account System (WebTCAS)
Version 202
Date: July 29, 2013
Prepared for: USDA OCIO TPA&E
United States Department of Agriculture
USDA Privacy Impact Assessment, Natural Resource Conservation Service, WebTCAS
Privacy Impact Assessment for the
Web Total Cost Account System (WebTCAS)
29 July 2013
Contact Point: Paige Niederer
Natural Resources Conservation Service, 970-295-5496
Reviewing Official: Lian Jin
Acting Chief Information Security Officer, United States Department of Agriculture
202-720-8493
Abstract
The Web Total Cost Account System (WebTCAS) is a system of the Natural Resources Conservation Service (NRCS).
NRCS employees record their individual time and attendance data using the WebTCAS Internet-accessible web site interface. WebTCAS processes the time and attendance data and forwards this data to produce records from which employee paychecks are derived.
A Privacy Threshold Analysis (PTA) was performed, indicating that a PIA must be completed. This PIA is being conducted to comply with the Federal Information Security Management Act of 2002 (FISMA) and the E-Government Act of 2002 (Public Law 107-347, 116 Stat. 2899, 44 U.S.C. § 101, H.R. 2458/S. 803), Federal Law.
Overview
The Web Total Cost Account System (WebTCAS) is a system of the Natural Resources Conservation Service (NRCS). The purpose of WebTCAS is to provide consolidated, efficient, and simplified reporting of employee labor hours as applied against the many various NRCS programs and projects nationwide. NRCS employees record their individual time and attendance data using the WebTCAS Internet-accessible web site interface.
The data contained within the WebTCAS system includes employee name, USDA-assigned employee number, labor hours, and various time charge codes (job/project activity codes, vacation/sick time codes, etc.). HR repositories (that are maintained outside of WebTCAS) also include Social Security Number (SSN) information for NRCS employees. This is PII required to transfer labor hour information to HR for payroll purposes, since the payroll system does not recognize any other employee identifier.
The information collected includes hours worked, leave hours taken, arrival and departure times, time taken for lunch, associated activity codes, and extra accrued hours. This facilitates the mission of the organization by providing necessary inputs for the generation of employee payroll, personnel scheduling, activity cost accounting, and other such labor-hour-related administrative requirements.
A typical system transaction involves an individual employee logging into the system, entering labor hours for a particular day into data cells for the specific appropriate activity code(s), saving the data, and logging out of the system. While the NRCS employees do not enter any PII, they do record their individual time and attendance data using the WebTCAS Internet-accessible web site interface. As data is submitted, several internal modules process it. These modules store the timesheet and profile information in database tables, use data to produce records from which employee paychecks are derived, and produce views and screens used for other time recordkeeping functions. Individual NRCS employees maintain their own individual WebTCAS time records. After timesheets are submitted within the application by the employees, an NRCS-assigned timekeeper accesses all the timesheets for that timekeeper's group using authenticated web browser sessions and verifies timesheets against the employees' job assignments, project codes, etc. Once they match, the timekeeper verifies the timesheets inside the application browser window. After the timekeeper verifies the timesheet, the supervisor then certifies that the timesheet is correct according to employee duties and responsibilities. No PII is collected from any of the user types described herein.
Certified time and attendance is linked to individual employee Social Security Number (SSN) and is periodically provided to the USDA National Finance Center (NFC). NFC then issues employee paychecks based upon the data provided. WebTCAS depends on the HR database (and the primary NFC payroll system) for employee PII (i.e., employee names). WebTCAS also depends upon the Program Maintenance Tool (PMT) for non-PII funding data and Office Information Profile (OIP) for non-PII office information.
Authority to operate CST was previously provided via the ATO granted in 2010.
Section 1.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected, as well as reasons for its collection as part of the program, system, rule, or technology being developed.
1.1 What information is collected, used, disseminated, or maintained in the system?
WebTCAS does NOT directly collect any PII from any individual.
On a continuing basis, non-PII labor hour information is provided by employees. This includes the hours worked on specific projects, leave hours, arrival / departure times, time taken for lunch, activity codes, and extra accrued hours. This non-PII data is collected, used, disseminated, and maintained by the WebTCAS system.
WebTCAS connects to the Human Resources (HR) database that is maintained outside the accreditation boundary by HR. PII obtained from HR is used to populate WebTCAS.
• Employee name is the only type of HR PII that is maintained in WebTCAS.
• Employee ID is also obtained from the HR database, but this is considered a business identifier rather than personal identifier.
WebTCAS also creates a transmit file that is used to disseminate timesheets to NFC.
• The records in this file link to employee SSN that is stored in the HR database.
• SSN information is protected by encryption (i.e., hashing) by WebTCAS.
1.2 What are the sources of the information in the system?
PII obtained from HR is used to populate WebTCAS. Employee name is the only type of HR PII that is maintained in WebTCAS. WebTCAS does not directly collect any PII from any individual.
1.3 Why is the information being collected, used, disseminated, or maintained?
WebTCAS does not directly collect any PII from any individual.
PII data is used, disseminated, and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC.
Note that non-PII data is collected by WebTCAS from employees to produce records from which employee paychecks are derived. This data is also used to produce views and screens used for other time recordkeeping administrative functions.
1.4 How is the information collected?
N/A - WebTCAS does not directly collect any PII from any individual.
1.5 How will the information be checked for accuracy?
N/A - Applicable procedures to allow individuals to check the accuracy of their PII are maintained outside the accreditation boundary for WebTCAS by the HR systems that are the source of the PII used by this application.
For non-PII information, after the timesheets are submitted within the application by the employees, an NRCS-assigned timekeeper accesses all the timesheets for that timekeeper's group using authenticated web browser sessions and verifies timesheets against the employees' job assignments, project codes, etc. Once they match, the timekeeper verifies the timesheets inside the application browser window. After the timekeeper verifies the timesheet, the supervisor then certifies that the timesheet is correct according to employee duties and responsibilities.
1.6 What specific legal authorities, arrangements, and/or agreements defined the collection of information?
While WebTCAS does not directly collect any PII information from any individual, these references pertain:
• Federal Register No. 75, No. 27, Wednesday, February 10, 2010, Rules and Regulations
• Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.)
1.7 Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.
WebTCAS does not directly collect any PII information from any individuals.
The PII that is used by WebTCAS includes only employee names that are obtained from HR. This PII data presents minimal privacy risks. Employee timesheets must include individual names for obvious reasons. The only other identifier used by WebTCAS is the USDA-generated employee number, which is considered to be a business identifier, not a personal identifier. Privacy risks associated with the minimal PII maintained by WebTCAS are mitigated because access to the information is limited to authorized NRCS personnel by the use of the USDA-OCIO-eAuthentication application, which provides user authentication for NRCS. Role-Based Access Control (RBAC) provides access enforcement.
External privacy risks exist with respect to individual SSNs. SSNs are maintained in the HR database (outside of the WebTCAS accreditation boundary) for the sole purpose of facilitating transfer of individual time and attendance information to NFC. NFC requires SSN usage because NFC currently does not recognize any other means of individual identity validation. Per NFC policy, this privacy risk is mitigated by the use of independently generated password protection for the transmit batch files that contain SSN information, which provides further specific encryption protection for this particularly sensitive information.
Note: SSN PII data is NOT maintained within the WebTCAS application database.
Section 2.0 Uses of the Information
The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.
2.1 Describe all the uses of information.
The information is used, disseminated, and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC. As discussed in Section 1, WebTCAS uses PII that was obtained from HR.
• Employee name is the only type of HR PII that is maintained in WebTCAS.
• Employee ID is also obtained from the HR database, but this is considered a business identifier rather than personal identifier.
2.2 What types of tools are used to analyze data and what type of data may be produced?
N/A - WebTCAS does not use any type of tools to analyze/produce any type of PII.
• Non-PII data in WebTCAS is simply collected and is then validated and verified.
• Data is not manipulated or reformatted (other than being summarized).
• No type of PII data is produced.
2.3 If the system uses commercial or publicly available data, please explain why and how it is used.
N/A - WebTCAS does not use commercial or publicly available data.
2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses.
This application is in compliance with the Federal Information Security Management Act of 2002 (FISMA) as reflected in CSAM, USDA Office of the Chief Information Officer (OCIO) Directives, and National Institute of Standards and Technology (NIST) guidance, including applicable controls provided in these NIST Special Publication 800-53 Revision 3 control families:
o Access Control (AC)
o Security Awareness and Training (AT)
o Identification and Authentication (IA)
o Media Protection (MP)
o Physical and Environmental Protection (PE)
o Personnel Security (PS)
o Risk Assessment (RA)
o System and Communication Protection (SC)
o System and Information Integrity (SI)
If any residual risks are identified, they will be managed and reported via the FISMA-mandated risk assessment processes.
Section 3.0 Retention
The following questions are intended to outline how long information will be retained after the initial collection.
3.1 How long is information retained?
Per NARA General Records Schedule 20, this application-specific information has been authorized by the NRCS Records Manager for erasure or deletion when the agency determines that this information is no longer needed for administrative, legal, audit, or other operational purposes.
3.2 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)?
Yes.
3.3 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated.
The primary privacy risk is that a data breach could result in the release of time and attendance information associated with NRCS employees. This is mitigated by limited access to the data, non-portability of the data, and controlled storage of the data located in controlled facilities.
Retention of application-specific data is required to meet business and organizational requirements for this particular information system. The risks associated with retaining application-specific information are mitigated by the controls discussed above.
Section 4.0 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the United States Department of Agriculture.
4.1 With which internal organization(s) is the information shared, what information is shared, and for what purpose?
WebTCAS shares (receives) PII from the Human Resources (HR) database, which is maintained outside the accreditation boundary by HR. The employee name is the only type of HR PII that is maintained within WebTCAS.
WebTCAS automatically shares (transmits) the time and attendance data via batch process output to the NFC.
4.2 How is the information transmitted or disclosed?
Transmission of time and attendance data via batch process output to the NFC is accomplished via password-protected (encrypted) files that are sent over a dedicated line for security purposes. Passwords for connecting to NFC to enable transmitting the files are handled by the WebTCAS coordinators to ensure separation of duties (SOD).
4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated.
Privacy risks are mitigated by ensuring that the sharing of sensitive PII with the NFC (which holds such data independently) is only performed by means of password-protected (encrypted) transmissions. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 5.0 External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to USDA, which includes Federal, state, and local government and the private sector.
5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
Note that WebTCAS does not share, disclose, or transmit any information to the IRS.
5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA.
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.3 How is the information shared outside the Department and what security measures safeguard its transmission?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated.
Privacy risks are mitigated by virtue of NOT sharing information external to the USDA. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.
6.1 Was notice provided to the individual prior to collection of information?
N/A - No notice is provided because no PII is collected from any individual by this application.
6.2 Do individuals have the opportunity and/or right to decline to provide information?
N/A - No PII is collected from any individual by this application.
6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
N/A - No PII is collected from any individual by this application.
6.4 Privacy Impact Analysis: Describe how notice is provided to individuals and how the risks associated with individuals being unaware of the collection are mitigated.
Notice does not need to be provided to individuals. There is no risk that an individual would be unaware of collection because no PII is collected from any individual by this application.
Section 7.0 Access, Redress, and Correction
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
7.1 What are the procedures that allow individuals to gain access to their information?
N/A - Applicable procedures to allow individuals to gain access to their information are maintained outside of the accreditation boundary of this application by Human Resources (HR), which is the source of the PII used by this application.
7.2 What are the procedures for correcting inaccurate or erroneous information?
N/A - Applicable procedures for correcting inaccurate or erroneous information are maintained outside of the accreditation boundary of this application by Human Resources (HR), which is the source of the PII used by this application.
7.3 How are individuals notified of the procedures for correcting their information?
N/A - Applicable notification is provided by Human Resources (HR), which is the source of the PII used by this application.
7.4 If no formal redress is provided, what alternatives are available to the individual?
N/A - see 7.3.
7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated.
Privacy risks associated with redress that is available to individuals are fully mitigated, since individuals can use applicable HR procedures to update their original records in the HR source systems.
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1 What procedures are in place to determine which users may access the system and are they documented?
Access to the WebTCAS application is determined via a valid eAuthentication ID and password (level II) on a valid need-to-know basis determined by requirements to perform applicable official duties. The application has documented Access Control Procedures in compliance with FISMA and USDA directives. See Section 2.4.
8.2 Will Department contractors have access to the system?
No.
8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system.
NRCS requires that every employee and contractor receives information security awareness training before being granted network and account access, per General Manual, Title 270, Part 409 - Logical Access Control and Account Management. Annual Security Awareness and Specialized Training are also required per FISMA and USDA policy, and this training is tracked by USDA.
8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?
Yes. Recertification in progress, scheduled to be complete by 9/2013.
8.5 What auditing measures and technical safeguards are in place to prevent misuse of data?
NRCS complies with the Federal Information Security Management Act of 2002 (FISMA). Assessment and Accreditation, as well as annual key control self-assessments and continuous monitoring procedures, are implemented for this application per the requirements given in National Institute of Standards and Technology (NIST) Special Publication 800-53. Additionally, NRCS complies with the specific security requirements for auditing measures and technical safeguards provided in OMB M-07-16. Finally, the system provides technical safeguards to prevent misuse of data, including:
• Confidentiality: Encryption is implemented to secure data at rest and in transit for this application (e.g., by FIPS 140-2 compliant HTTPS and end-user hard disk encryption).
• Integrity: Masking of applicable information is performed for this application (e.g., passwords are masked by eAuth).
• Access Control: The system implements least privileges and need to know to control access to PII (e.g., by RBAC).
• Authentication: Access to the system and session timeout is implemented for this application (e.g., by eAuth and via multi-factor authentication for remote access).
• Audit: Logging is implemented for this application (e.g., by logging infrastructure).
• Attack Mitigation: The system implements security mechanisms such as input validation.
Notice: For the privacy notice control, please see Section 6, which addresses notice. For the privacy redress control, please see Section 7, which addresses redress.
8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?
WebTCAS does not directly collect any PII from any individual, but WebTCAS does utilize PII within the system, which is obtained from HR and transmitted to NFC (see Section 1.0 above). Data extracts containing PII are not regularly obtained from the system; therefore, privacy risk from this area is limited and addressed through IT Data Extract processes controls.
Any privacy risks identified in this system are mitigated by the security and privacy safeguards provided in Section 8.5 and by the security controls discussed in Section 2.4 above. Remediation of privacy risks associated with internal/external sharing are addressed in PIA Sections 4 and 5, respectively.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware and other technology.
9.1 What type of project is the program or system?
This is a legacy application that is hosted on devices using common COTS hardware and software configured in accordance with USDA baseline configurations for servers and web portals.
9.2 Does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.
No. The project utilizes Agency-approved technologies, and these technology choices do not raise privacy concerns.
Section 10.0 Third Party Websites/Applications
The following questions are directed at critically analyzing the privacy impact of using third party websites and/or applications.
10.1 Has the System Owner (SO) and/or Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22, "Guidance for Online Use of Web Measurement and Customization Technology," and M-10-23, "Guidance for Agency Use of Third-Party Websites and Applications"?
Yes.
10.2 What is the specific purpose of the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.3 What personally identifiable information (PII) will become available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.4 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be used?
N/A - 3rd party websites / applications are not used.
10.5 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be maintained and secured?
N/A - 3rd party websites / applications are not used.
10.6 Is the PII that becomes available through the agency's use of 3rd party websites and/or applications purged periodically?
N/A - 3rd party websites / applications are not used.
10.7 Who will have access to PII that becomes available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.8 With whom will the PII that becomes available through the agency's use of 3rd party websites and/or applications be shared, either internally or externally?
N/A - 3rd party websites / applications are not used.
10.9 Will the activities involving the PII that becomes available through the agency's use of 3rd party websites and/or applications require either the creation or modification of a system of records notice (SORN)?
N/A - 3rd party websites / applications are not used.
10.10 Does the system use web measurement and customization technology?
No. The system does not use web measurement and customization technology.
10.11 Does the system allow users to either decline to opt-in or decide to opt-out of all uses of web measurement and customization technology?
N/A - See 10.10.
10.12 Privacy Impact Analysis: Given the amount and type of PII that becomes available through the agency's use of 3rd party websites and/or applications, discuss the privacy risks identified and how they were mitigated.
Privacy risks are nominal. WebTCAS does not provide access or link to Third Party Applications. In addition, the system does not use web measurement and/or customization technology.
Responsible Officials
Paige Niederer, NRCS, United States Department of Agriculture
Digitally signed by Paige Niederer. Date: 2013.07.30 16:54:02 -06'00'
This signature certifies that the above PIA responses are provided to the best of my knowledge and understanding.
Approval Signature
Mr. Lian Jin, Acting Chief Information Security Officer, United States Department of Agriculture
This signature certifies that the PTA analysis and PIA determination due diligence has been conducted pursuant to Department guidance and NIST regulations.
Page 16
USDA llivacy Impact Assessment Natural Resource Conservation Service WebTCAS
Privacy Impact Assessment for the
Web Total Cost Account System (WebTCAS)
29 July2013
Contact Point Paige Niederer
Natural Resources Conservation Service 970-295-5496
Reviewing Official Lian Jin
Acting Chief Information Security Officer United States Department ofAgriculture
202-720~8493
Page 2
Privacy Impact Assessment Natural Resource Conservation Service WebTCAS
Abstract
The Web Total Cost Account System (WebTCAS) is a system ofthe Natural Resources Conservation Service (NRCS)
NRCS employees record their individual time and attendance data using the WebTCAS Internet accessible web site interface WebTCAS processes the time and attendance data and forwards this data to produce records from which employee paychecks are derived
A Privacy Threshold Analysis (PTA) was performed indicating that a PIA must be completed This PIA is being conducted to comply with the Federal Information Security Management Act of2002 (FISMA) and theE-Government Act of2002 (Public Law 107shy347 116 Stat 2899 44 USC sect 101 HR 2458S 803) Federal Law
Overview
The Web Total Cost Account System (WebTCAS) is a system of the Natural Resources Conservation Service (NRCS) The purpose ofWebTCAS is to provide consolidated efficient and simplified reporting of employee labor hours as applied against the many various NRCS programs and projects nationwide NRCS employees record their individual time and attendance datamiddotusing the WebTCAS Internet accessible web site interface
The data contained within the WebTCAS system includes employee name USDA assigned employee number labor hours and various time charge codes (jobproject activity codes vacationsick time codes etc) HR repositories (that are maintained outside ofWebTCAS)
middot also include Social Security Number (SSN) information for NRCS employees This is PII required to transfer labor hour information to HR for payroll purposes since the payroll system does not recognize any other employee identifier
The information collected includes hours worked leave hours taken arrival and departure times time taken for lunch associated activity codes and extra accrued hours This facilitates the mission ofthe organization by providing necessary inputs for the generation of employee payroll personnel scheduling activity cost accounting and other such labor hour related administrative requirements
A typical system transaction involves an individual employee logging into the system entering labor hours for a particular day into data cells for the specific appropriate activity code(s) saving the data and logging out of the system While the NRCS employees do not enter any PII they do record their individual time and attendance data using the WebTCAS Internet accessible web site interface As data is submitted several internal modules process it These modules store the timesheet and profile information in datdbase tables use data to produce records from which employee paychecks are derived and produce views and screens used for other time recordkeeping functions Individual NRCS employees maintain their own individual WebTCAS time records After timesheets are submitted within the application by
Page 3
Privacy Impact AssessmentmiddotusoA Natural Resource Consenation Service WebTCAS
11111
the employees an NRCS assigned timekeeper accesses all the timesheets for that timekeepers group using authenticated web browser sessions and verifies timesheets against the employees job assignments project codes etc Once they match the timekeeper verifies the timesheets inside the application browser window After the timekeeper verifies the timesheet the supervisor then certifies that the timesheet is correct according to employee duties and responsibilities No PII is collected from any of the user types described herein
Certified time and attendance is linked to individual employee Social Security Number (SSN) and is periodically provided to the USDA National Finance Center (NFC). NFC then issues employee paychecks based upon the data provided. WebTCAS depends on the HR database (and the primary NFC payroll system) for employee PII (i.e., employee names). WebTCAS also depends upon the Program Maintenance Tool (PMT) for non-PII funding data and Office Information Profile (OIP) for non-PII office information.
Authority to operate CST was previously provided via the ATO granted in 2010.
Section 1.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected, as well as reasons for its collection as part of the program, system, rule, or technology being developed.
1.1 What information is collected, used, disseminated, or maintained in the system?
WebTCAS does NOT directly collect any PII from any individual.
On a continuing basis, non-PII labor hour information is provided by employees. This includes the hours worked on specific projects, leave hours, arrival/departure times, time taken for lunch, activity codes, and extra accrued hours. This non-PII data is collected, used, disseminated, and maintained by the WebTCAS system.
WebTCAS connects to the Human Resources (HR) database that is maintained outside the accreditation boundary by HR. PII obtained from HR is used to populate WebTCAS.
• Employee name is the only type of HR PII that is maintained in WebTCAS.
• Employee ID is also obtained from the HR database, but this is considered a business identifier rather than personal identifier.
WebTCAS also creates a transmit file that is used to disseminate timesheets to NFC.
• The records in this file link to employee SSN that is stored in the HR database.
• SSN information is protected by encryption (i.e., hashing) by WebTCAS.
1.2 What are the sources of the information in the system?
PII obtained from HR is used to populate WebTCAS. Employee name is the only type of HR PII that is maintained in WebTCAS. WebTCAS does not directly collect any PII from any individual.
1.3 Why is the information being collected, used, disseminated, or maintained?
WebTCAS does not directly collect any PII from any individual.
PII data is used, disseminated, and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC.
Note that non-PII data is collected by WebTCAS from employees to produce records from which employee paychecks are derived. This data is also used to produce views and screens used for other time recordkeeping administrative functions.
1.4 How is the information collected?
N/A - WebTCAS does not directly collect any PII from any individual.
1.5 How will the information be checked for accuracy?
N/A - Applicable procedures to allow individuals to check the accuracy of their PII are maintained outside the accreditation boundary for WebTCAS by the HR systems that are the source of the PII used by this application.
For non-PII information, after the timesheets are submitted within the application by the employees, an NRCS-assigned timekeeper accesses all the timesheets for that timekeeper's group using authenticated web browser sessions and verifies timesheets against the employees' job assignments, project codes, etc. Once they match, the timekeeper verifies the timesheets inside the application browser window. After the timekeeper verifies the timesheet, the supervisor then certifies that the timesheet is correct according to employee duties and responsibilities.
1.6 What specific legal authorities, arrangements, and/or agreements defined the collection of information?
While WebTCAS does not directly collect any PII information from any individual, these references pertain:
• Federal Register No. 75, No. 27, Wednesday, February 10, 2010 / Rules and Regulations
• Paperwork Reduction Act of 1995 (44 USC 3501 et seq.)
1.7 Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.
WebTCAS does not directly collect any PII information from any individuals.
The PII that is used by WebTCAS includes only employee names that are obtained from HR. This PII data presents minimal privacy risks. Employee timesheets must include individual names for obvious reasons. The only other identifier used by WebTCAS is the USDA-generated employee number, which is considered to be a business identifier, not a personal identifier. Privacy risks associated with the minimal PII maintained by WebTCAS are mitigated because access to the information is limited to authorized NRCS personnel by the use of the USDA-OCIO-eAuthentication application, which provides user authentication for NRCS. Role-Based Access Control (RBAC) provides access enforcement.
External privacy risks exist with respect to individual SSNs. SSNs are maintained in the HR database (outside of the WebTCAS accreditation boundary) for the sole purpose of facilitating transfer of individual time and attendance information to NFC. NFC requires SSN usage because NFC currently does not recognize any other means of individual identity validation. Per NFC policy, this privacy risk is mitigated by the use of independently generated password protection for the transmit batch files that contain SSN information, which provides further specific encryption protection for this particularly sensitive information.
Note: SSN PII data is NOT maintained within the WebTCAS application database.
Section 2.0 Uses of the Information
The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.
2.1 Describe all the uses of information.
The information is used, disseminated, and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC. As discussed in Section 1, WebTCAS uses PII that was obtained from HR.
• Employee name is the only type of HR PII that is maintained in WebTCAS.
• Employee ID is also obtained from the HR database, but this is considered a business identifier rather than personal identifier.
2.2 What types of tools are used to analyze data and what type of data may be produced?
N/A - WebTCAS does not use any type of tools to analyze/produce any type of PII.
• Non-PII data in WebTCAS is simply collected and is then validated and verified.
• Data is not manipulated or reformatted (other than being summarized).
• No type of PII data is produced.
2.3 If the system uses commercial or publicly available data, please explain why and how it is used.
N/A - WebTCAS does not use commercial or publicly available data.
2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses.
This application is in compliance with the Federal Information Security Management Act of 2002 (FISMA) as reflected in CSAM, USDA Office of the Chief Information Officer (OCIO) Directives, and National Institute of Standards and Technology (NIST) guidance, including applicable controls provided in these NIST Special Publication 800-53 Revision 3 control families:
o Access Control (AC)
o Security Awareness and Training (AT)
o Identification and Authentication (IA)
o Media Protection (MP)
o Physical and Environmental Protection (PE)
o Personnel Security (PS)
o Risk Assessment (RA)
o System and Communication Protection (SC)
o System and Information Integrity (SI)
If any residual risks are identified, they will be managed and reported via the FISMA-mandated risk assessment processes.
Section 3.0 Retention
The following questions are intended to outline how long information will be retained after the initial collection.
3.1 How long is information retained?
Per NARA General Records Schedule 20, this application-specific information has been authorized by the NRCS Records Manager for erasure or deletion when the agency determines that this information is no longer needed for administrative, legal, audit, or other operational purposes.
3.2 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)?
Yes
3.3 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated.
The primary privacy risk is that a data breach could result in the release of time and attendance information associated with NRCS employees. This is mitigated by limited access to the data, non-portability of the data, and controlled storage of the data located in controlled facilities.
Retention of application-specific data is required to meet business and organizational requirements for this particular information system. The risks associated with retaining application-specific information are mitigated by the controls discussed above.
Section 4.0 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the United States Department of Agriculture.
4.1 With which internal organization(s) is the information shared, what information is shared, and for what purpose?
WebTCAS shares (receives) PII from the Human Resources (HR) database, which is maintained outside the accreditation boundary by HR. The employee name is the only type of HR PII that is maintained within WebTCAS.
WebTCAS automatically shares (transmits) the time and attendance data via batch process output to the NFC.
4.2 How is the information transmitted or disclosed?
Transmission of time and attendance data via batch process output to the NFC is accomplished via password-protected (encrypted) files that are sent over a dedicated line for security purposes. Passwords for connecting to NFC to enable transmitting the files are handled by the WebTCAS coordinators to ensure separation of duties (SOD).
4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated.
Privacy risks are mitigated by ensuring that the sharing of sensitive PII with the NFC (which holds such data independently) is only performed by means of password-protected (encrypted) transmissions. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 5.0 External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to USDA, which includes Federal, state and local government, and the private sector.
5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
Note that WebTCAS does not share, disclose, or transmit any information to the IRS.
5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA.
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.3 How is the information shared outside the Department and what security measures safeguard its transmission?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated.
Privacy risks are mitigated by virtue of NOT sharing information external to the USDA. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.
6.1 Was notice provided to the individual prior to collection of information?
N/A - No notice is provided because no PII is collected from any individual by this application.
6.2 Do individuals have the opportunity and/or right to decline to provide information?
N/A - No PII is collected from any individual by this application.
6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
N/A - No PII is collected from any individual by this application.
6.4 Privacy Impact Analysis: Describe how notice is provided to individuals, and how the risks associated with individuals being unaware of the collection are mitigated.
Notice does not need to be provided to individuals. There is no risk that an individual would be unaware of collection because no PII is collected from any individual by this application.
Section 7.0 Access, Redress, and Correction
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
7.1 What are the procedures that allow individuals to gain access to their information?
N/A - Applicable procedures to allow individuals to gain access to their information are maintained outside of the accreditation boundary of this application by Human Resources (HR), which is the source of the PII used by this application.
7.2 What are the procedures for correcting inaccurate or erroneous information?
N/A - Applicable procedures for correcting inaccurate or erroneous information are maintained outside of the accreditation boundary of this application by Human Resources (HR), which is the source of the PII used by this application.
7.3 How are individuals notified of the procedures for correcting their information?
N/A - Applicable notification is provided by Human Resources (HR), which is the source of the PII used by this application.
7.4 If no formal redress is provided, what alternatives are available to the individual?
N/A - see 7.3
7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated.
Privacy risks associated with redress that is available to individuals are fully mitigated, since individuals can use applicable HR procedures to update their original records in the HR source systems.
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1 What procedures are in place to determine which users may access the system and are they documented?
Access to the WebTCAS application is determined via a valid eAuthentication ID and password (level II) on a valid need-to-know basis determined by requirements to perform applicable official duties. The application has documented Access Control Procedures in compliance with FISMA and USDA directives. See Section 2.4.
8.2 Will Department contractors have access to the system?
No
8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system.
NRCS requires that every employee and contractor receives information security awareness training before being granted network and account access, per General Manual Title 270 Part 409 - Logical Access Control and Account Management. Annual Security Awareness and Specialized Training are also required per FISMA and USDA policy, and this training is tracked by USDA.
8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?
Yes. Recertification in progress, scheduled to be complete by 9/2013.
8.5 What auditing measures and technical safeguards are in place to prevent misuse of data?
NRCS complies with the Federal Information Security Management Act of 2002 (FISMA). Assessment and Accreditation, as well as annual key control self-assessments and continuous monitoring procedures, are implemented for this application per the requirements given in National Institute of Standards and Technology (NIST) Special Publication 800-53. Additionally, NRCS complies with the specific security requirements for auditing measures and technical safeguards provided in OMB M-07-16. Finally, the system provides technical safeguards to prevent misuse of data, including:
• Confidentiality: Encryption is implemented to secure data at rest and in transit for this application (e.g., by FIPS 140-2 compliant HTTPS and end-user hard disk encryption).
• Integrity: Masking of applicable information is performed for this application (e.g., passwords are masked by eAuth).
• Access Control: The system implements least privileges and need to know to control access to PII (e.g., by RBAC).
• Authentication: Access to the system and session timeout is implemented for this application (e.g., by eAuth and via multi-factor authentication for remote access).
• Audit: Logging is implemented for this application (e.g., by logging infrastructure).
• Attack Mitigation: The system implements security mechanisms such as input validation.
Notice: For the privacy notice control, please see Section 6, which addresses notice. For the privacy redress control, please see Section 7, which addresses redress.
8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?
WebTCAS does not directly collect any PII from any individual, but WebTCAS does utilize PII within the system, which is obtained from HR and transmitted to NFC (see Section 1.0 above). Data extracts containing PII are not regularly obtained from the system; therefore, privacy risk from this area is limited and addressed through IT Data Extract processes controls.
Any privacy risks identified in this system are mitigated by the security and privacy safeguards provided in Section 8.5 and by the security controls discussed in Section 2.4 above. Remediation of privacy risks associated with internal/external sharing are addressed in PIA Sections 4 and 5, respectively.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware and other technology.
9.1 What type of project is the program or system?
This is a legacy application that is hosted on devices using common COTS hardware and software configured in accordance with USDA baseline configurations for servers and web portals.
9.2 Does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.
No. The project utilizes Agency approved technologies, and these technology choices do not raise privacy concerns.
Section 10.0 Third Party Websites/Applications
The following questions are directed at critically analyzing the privacy impact of using third party websites and/or applications.
10.1 Has the System Owner (SO) and/or Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22 "Guidance for Online Use of Web Measurement and Customization Technology" and M-10-23 "Guidance for Agency Use of Third-Party Websites and Applications"?
Yes
10.2 What is the specific purpose of the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.3 What personally identifiable information (PII) will become available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.4 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be used?
N/A - 3rd party websites / applications are not used.
10.5 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be maintained and secured?
N/A - 3rd party websites / applications are not used.
10.6 Is the PII that becomes available through the agency's use of 3rd party websites and/or applications purged periodically?
N/A - 3rd party websites / applications are not used.
10.7 Who will have access to PII that becomes available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.8 With whom will the PII that becomes available through the agency's use of 3rd party websites and/or applications be shared, either internally or externally?
N/A - 3rd party websites / applications are not used.
10.9 Will the activities involving the PII that becomes available through the agency's use of 3rd party websites and/or applications require either the creation or modification of a system of records notice (SORN)?
N/A - 3rd party websites / applications are not used.
10.10 Does the system use web measurement and customization technology?
No. The system does not use web measurement and customization technology.
10.11 Does the system allow users to either decline to opt-in or decide to opt-out of all uses of web measurement and customization technology?
N/A - See 10.10
10.12 Privacy Impact Analysis: Given the amount and type of PII that becomes available through the agency's use of 3rd party websites and/or applications, discuss the privacy risks identified and how they were mitigated.
Privacy risks are nominal. WebTCAS does not provide access or link to Third Party Applications. In addition, the system does not use web measurement and/or customization technology.
Responsible Officials
Paige Niederer (digitally signed by paige.niederer@usda.gov, Date: 2013.07.30 16:54:02 -06:00)
NRCS, United States Department of Agriculture
This signature certifies that the above PIA responses are provided to the best of my knowledge and understanding.
Approval Signature
Mr. Lian Jin, Date
Acting Chief Information Security Officer, United States Department of Agriculture
This signature certifies that the PTA analysis and PIA determination due diligence has been conducted pursuant to Department guidance and NIST regulations.
Page 16
Privacy Impact Assessment Natural Resource Conservation Service WebTCAS
Abstract
The Web Total Cost Account System (WebTCAS) is a system ofthe Natural Resources Conservation Service (NRCS)
NRCS employees record their individual time and attendance data using the WebTCAS Internet accessible web site interface WebTCAS processes the time and attendance data and forwards this data to produce records from which employee paychecks are derived
A Privacy Threshold Analysis (PTA) was performed indicating that a PIA must be completed This PIA is being conducted to comply with the Federal Information Security Management Act of2002 (FISMA) and theE-Government Act of2002 (Public Law 107shy347 116 Stat 2899 44 USC sect 101 HR 2458S 803) Federal Law
Overview
The Web Total Cost Account System (WebTCAS) is a system of the Natural Resources Conservation Service (NRCS) The purpose ofWebTCAS is to provide consolidated efficient and simplified reporting of employee labor hours as applied against the many various NRCS programs and projects nationwide NRCS employees record their individual time and attendance datamiddotusing the WebTCAS Internet accessible web site interface
The data contained within the WebTCAS system includes employee name USDA assigned employee number labor hours and various time charge codes (jobproject activity codes vacationsick time codes etc) HR repositories (that are maintained outside ofWebTCAS)
middot also include Social Security Number (SSN) information for NRCS employees This is PII required to transfer labor hour information to HR for payroll purposes since the payroll system does not recognize any other employee identifier
The information collected includes hours worked leave hours taken arrival and departure times time taken for lunch associated activity codes and extra accrued hours This facilitates the mission ofthe organization by providing necessary inputs for the generation of employee payroll personnel scheduling activity cost accounting and other such labor hour related administrative requirements
A typical system transaction involves an individual employee logging into the system entering labor hours for a particular day into data cells for the specific appropriate activity code(s) saving the data and logging out of the system While the NRCS employees do not enter any PII they do record their individual time and attendance data using the WebTCAS Internet accessible web site interface As data is submitted several internal modules process it These modules store the timesheet and profile information in datdbase tables use data to produce records from which employee paychecks are derived and produce views and screens used for other time recordkeeping functions Individual NRCS employees maintain their own individual WebTCAS time records After timesheets are submitted within the application by
Page 3
Privacy Impact AssessmentmiddotusoA Natural Resource Consenation Service WebTCAS
11111
the employees an NRCS assigned timekeeper accesses all the timesheets for that timekeepers group using authenticated web browser sessions and verifies timesheets against the employees job assignments project codes etc Once they match the timekeeper verifies the timesheets inside the application browser window After the timekeeper verifies the timesheet the supervisor then certifies that the timesheet is correct according to employee duties and responsibilities No PII is collected from any of the user types described herein
Certified time and attendance is linked to individual employee Social Security Number (SSN) and is periodically provided to the USDA National Finance Center (NFC) NFC then issues employee paychecks based upon the data provided WebTCAS depends on the HR database (and the primary NFC payroll system) for employee PII (ie employee names) WebTCAS also depends upon the Program Maintenance Tool (PMT) for non-PII funding data and Office Information Profile (OIP) for non-PII office information
Authority to operate CST was previously provided via the ATO granted in 2010
Section 10 Characterization of the Information
The following questions are intended to define the scope of the information requested andor collected as well as reasons for its collection as part of the program system rule or technology being developed
11 What information is collected used disseminated or maintained in the system
WebTCAS does NOT directly collecf any PII from any individual
On a continuing basis non-PII labor hour information is provided by employees This includes the hours worked on specific projects leave hours atTival I departure times time taken for lunch activity codes and extra accrued hours This non-PII data is middot collected nsed disseminated and maintained by the WebTCAS system
WebTCAS connects to the Human Resources (HR) database that is maintained ontside the accreditation boundary by HR PII obtained from HR is used to populate WebTCAS
bull Employee name is the only type ofHR PII that is maintained in WebTCAS bull Employee ID is also obtained from the HR database but this is considered a
business identifier rather than personal identifier
WebTCAS also creates a transmit file that is used to disseminate timesheets to NFC
bull The records in this file link to employee SSN that is stored in the HR database bull SSN information is protected by encryption (ie hashing) by WebTCAS
12 What are the sources of the information in the system
Page4
Privacy Impact AssessmentUSDA Natural Resource Conservation Service WebTCAS
~ PII obtained from HR is used to populate WebTCAS Employee name is the only type ofHR PII that is maintained in WebTCAS WebTCAS does not directly collect any PII from any individual
13 Why is the information being collected used disseminated or maintained
WebTCAS does not directly collect any PII from any individual
PII data is used disseminated and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC
Note that non-PII data is collected by WebTCAS from employees to produce records from which employee paychecks are derived Thls data is also used to produce views and screens used for other time recordkeeping administrative functions
14 How is the information collected
NA- WebTCAS does not directly collect any PII from any individual
15 How will the information be checked for accmmiddotacy
NA- Applicable procedures to allow individuals to check the accuracy of their PII are maintained outside the accreditation boundaty for WebTCAS by the HR systems that are the source of the PII used by this application
For non-PIT information after the timesheets are submitted within the application by the employees an NRCS assigned timekeeper accesses all the timesheets for that timekeepers group using authenticated web browser sessions and verifies timesheets against the employees job assignments project codes etc Once they match the timekeeper verifies the timesheets inside the application browser window After the timekeeper verifies the timesheet the supervisor then ce1tifies that the timesheet is correct according to employee duties and responsibilities
16 What specific legal authorities arrangements andor agreements defined the collection of information
While WebTCAS does not directly collect any PII irlformation from any individual these references pertain bull Federal Register No 75 No 27 Wednesday February 10 2010Rules and
Regulations bull Paperwork Reduction Act of 1995 (44 USC 3501 et seq)
Pagesmiddot
Privacy Impact Assessment USDA Natural Resource Conservation Service WebTCAS middot2 1 I
17 Privacy Impact Analysis Given the amount and type of data collected discuss the privacy risks identified and how they were mitigated
WebTCAS does not directly collect any PII information from any individuals
The PII that is used by WebTCAS includes only employee names that are obtained from HR This PII data presents minimal privacy risks Employee timesheets must include individual names for obvious reasons The only other identifier used by WebTCAS is the USDA generated employee number which is considered to be a business identifier not a personal identifier Privacy risks associated with the minimallII maintained by WebTCAS are mitigated because access to the information is limited to authorized NRCS personnel by the use of the USDA-OCIOshyeAuthentication application which provides user authentication for NRCS RoleshyBased Access Control (RBAC) provides access enforcement
External privacy risks exist with respect to individual SSNs SSNs arc maintained in the HR database (outside of the WebTCAS accreditation boundary) for the sole purpose of facilitating transfer of individual time and attendance information to NFC NFC requires SSN usage because NFC currently does not recognize any other means of individual identity validation Per NFC policy this privacy risk is mitigated by the use of independently generated password protection for the transmit batch files that contain SSN information which provides further specific encryption protection for this pmticularly sensitive inf01mation
Note SSN lII data is NOT maintained within the WebTCAS application aatabase
Section 2.0 Uses of the Information
The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.
2.1 Describe all the uses of information.
The information is used, disseminated and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC. As discussed in Section 1, WebTCAS uses PII that was obtained from HR.
• Employee name is the only type of HR PII that is maintained in WebTCAS.
• Employee ID is also obtained from the HR database, but this is considered a business identifier rather than personal identifier.
2.2 What types of tools are used to analyze data and what type of data may be produced?
N/A - WebTCAS does not use any type of tools to analyze/produce any type of PII.
• Non-PII data in WebTCAS is simply collected and is then validated and verified.
• Data is not manipulated or reformatted (other than being summarized).
• No type of PII data is produced.
2.3 If the system uses commercial or publicly available data, please explain why and how it is used.
N/A - WebTCAS does not use commercial or publicly available data.
2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses.
This application is in compliance with the Federal Information Security Management Act of 2002 (FISMA) as reflected in CSAM, USDA Office of the Chief Information Officer (OCIO) Directives, and National Institute of Standards and Technology (NIST) guidance, including applicable controls provided in these NIST Special Publication 800-53 Revision 3 control families:
o Access Control (AC)
o Security Awareness and Training (AT)
o Identification and Authentication (IA)
o Media Protection (MP)
o Physical and Environmental Protection (PE)
o Personnel Security (PS)
o Risk Assessment (RA)
o System and Communication Protection (SC)
o System and Information Integrity (SI)
If any residual risks are identified, they will be managed and reported via the FISMA-mandated risk assessment processes.
Section 3.0 Retention
The following questions are intended to outline how long information will be retained after the initial collection.
3.1 How long is information retained?
Per NARA General Records Schedule 20, this application-specific information has been authorized by the NRCS Records Manager for erasure or deletion when the agency determines that this information is no longer needed for administrative, legal, audit or other operational purposes.
3.2 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)?
Yes.
3.3 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated.
The primary privacy risk is that a data breach could result in the release of time and attendance information associated with NRCS employees. This is mitigated by limited access to the data, non-portability of the data, and controlled storage of the data located in controlled facilities.
Retention of application-specific data is required to meet business and organizational requirements for this particular information system. The risks associated with retaining application-specific information are mitigated by the controls discussed above.
Section 4.0 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the United States Department of Agriculture.
4.1 With which internal organization(s) is the information shared, what information is shared and for what purpose?
WebTCAS shares (receives) PII from the Human Resources (HR) database, which is maintained outside the accreditation boundary by HR. The employee name is the only type of HR PII that is maintained within WebTCAS.
WebTCAS automatically shares (transmits) the time and attendance data via batch process output to the NFC.
4.2 How is the information transmitted or disclosed?
Transmission of time and attendance data via batch process output to the NFC is accomplished via password-protected (encrypted) files that are sent over a dedicated line for security purposes. Passwords for connecting to NFC to enable transmitting the files are handled by the WebTCAS coordinators to ensure separation of duties (SOD).
4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated.
Privacy risks are mitigated by ensuring that the sharing of sensitive PII with the NFC (which holds such data independently) is only performed by means of password-protected (encrypted) transmissions. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 5.0 External Sharing and Disclosure
The following questions are intended to define the content, scope and authority for information sharing external to USDA, which includes Federal, state and local government and the private sector.
5.1 With which external organization(s) is the information shared, what information is shared and for what purpose?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
Note that WebTCAS does not share, disclose or transmit any information to the IRS.
5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA.
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.3 How is the information shared outside the Department and what security measures safeguard its transmission?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated.
Privacy risks are mitigated by virtue of NOT sharing information external to the USDA. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.
6.1 Was notice provided to the individual prior to collection of information?
N/A - No notice is provided because no PII is collected from any individual by this application.
6.2 Do individuals have the opportunity and/or right to decline to provide information?
N/A - No PII is collected from any individual by this application.
6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
N/A - No PII is collected from any individual by this application.
6.4 Privacy Impact Analysis: Describe how notice is provided to individuals and how the risks associated with individuals being unaware of the collection are mitigated.
Notice does not need to be provided to individuals. There is no risk that an individual would be unaware of collection because no PII is collected from any individual by this application.
Section 7.0 Access, Redress and Correction
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
7.1 What are the procedures that allow individuals to gain access to their information?
N/A - Applicable procedures to allow individuals to gain access to their information are maintained outside of the accreditation boundary of this application by Human Resources (HR), which is the source of the PII used by this application.
7.2 What are the procedures for correcting inaccurate or erroneous information?
N/A - Applicable procedures for correcting inaccurate or erroneous information are maintained outside of the accreditation boundary of this application by Human Resources (HR), which is the source of the PII used by this application.
7.3 How are individuals notified of the procedures for correcting their information?
N/A - Applicable notification is provided by Human Resources (HR), which is the source of the PII used by this application.
7.4 If no formal redress is provided, what alternatives are available to the individual?
N/A - see 7.3
7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated.
Privacy risks associated with redress that is available to individuals are fully mitigated, since individuals can use applicable HR procedures to update their original records in the HR source systems.
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1 What procedures are in place to determine which users may access the system and are they documented?
Access to the WebTCAS application is determined via a valid eAuthentication ID and password (level II) on a valid need-to-know basis, determined by requirements to perform applicable official duties. The application has documented Access Control Procedures in compliance with FISMA and USDA directives. See Section 2.4.
8.2 Will Department contractors have access to the system?
No.
8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system.
NRCS requires that every employee and contractor receives information security awareness training before being granted network and account access, per General Manual, Title 270, Part 409 - Logical Access Control and Account Management. Annual Security Awareness and Specialized Training are also required per FISMA and USDA policy, and this training is tracked by USDA.
8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?
Yes. Recertification in progress, scheduled to be complete by 9/2013.
8.5 What auditing measures and technical safeguards are in place to prevent misuse of data?
NRCS complies with the Federal Information Security Management Act of 2002 (FISMA). Assessment and Accreditation, as well as annual key control self-assessments and continuous monitoring procedures, are implemented for this application per the requirements given in National Institute of Standards and Technology (NIST) Special Publication 800-53. Additionally, NRCS complies with the specific security requirements for auditing measures and technical safeguards provided in OMB M-07-16. Finally, the system provides technical safeguards to prevent misuse of data, including:
• Confidentiality: Encryption is implemented to secure data at rest and in transit for this application (e.g., by FIPS 140-2 compliant HTTPS and end-user hard disk encryption).
• Integrity: Masking of applicable information is performed for this application (e.g., passwords are masked by eAuth).
• Access Control: The system implements least privileges and need to know to control access to PII (e.g., by RBAC).
• Authentication: Access to the system and session timeout is implemented for this application (e.g., by eAuth and via multi-factor authentication for remote access).
• Audit: Logging is implemented for this application (e.g., by logging infrastructure).
• Attack Mitigation: The system implements security mechanisms such as input validation.
Notice: For the privacy notice control, please see Section 6, which addresses notice. For the privacy redress control, please see Section 7, which addresses redress.
8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?
WebTCAS does not directly collect any PII from any individual, but WebTCAS does utilize PII within the system, which is obtained from HR and transmitted to NFC (see Section 1.0 above). Data extracts containing PII are not regularly obtained from the system; therefore, privacy risk from this area is limited and addressed through IT Data Extract processes controls.
Any privacy risks identified in this system are mitigated by the security and privacy safeguards provided in Section 8.5 and by the security controls discussed in Section 2.4 above. Remediation of privacy risks associated with internal/external sharing is addressed in PIA Sections 4 and 5, respectively.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware and other technology.
9.1 What type of project is the program or system?
This is a legacy application that is hosted on devices using common COTS hardware and software configured in accordance with USDA baseline configurations for servers and web portals.
9.2 Does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.
No. The project utilizes Agency-approved technologies, and these technology choices do not raise privacy concerns.
Section 10.0 Third Party Websites/Applications
The following questions are directed at critically analyzing the privacy impact of using third party websites and/or applications.
10.1 Has the System Owner (SO) and/or Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22 "Guidance for Online Use of Web Measurement and Customization Technology" and M-10-23 "Guidance for Agency Use of Third-Party Websites and Applications"?
Yes.
10.2 What is the specific purpose of the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.3 What personally identifiable information (PII) will become available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.4 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be used?
N/A - 3rd party websites / applications are not used.
10.5 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be maintained and secured?
N/A - 3rd party websites / applications are not used.
10.6 Is the PII that becomes available through the agency's use of 3rd party websites and/or applications purged periodically?
N/A - 3rd party websites / applications are not used.
10.7 Who will have access to PII that becomes available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.8 With whom will the PII that becomes available through the agency's use of 3rd party websites and/or applications be shared, either internally or externally?
N/A - 3rd party websites / applications are not used.
10.9 Will the activities involving the PII that becomes available through the agency's use of 3rd party websites and/or applications require either the creation or modification of a system of records notice (SORN)?
N/A - 3rd party websites / applications are not used.
10.10 Does the system use web measurement and customization technology?
No. The system does not use web measurement and customization technology.
10.11 Does the system allow users to either decline to opt-in or decide to opt-out of all uses of web measurement and customization technology?
N/A - See 10.10
10.12 Privacy Impact Analysis: Given the amount and type of PII that becomes available through the agency's use of 3rd party websites and/or applications, discuss the privacy risks identified and how they were mitigated.
Privacy risks are nominal. WebTCAS does not provide access or link to Third Party Applications. In addition, the system does not use web measurement and/or customization technology.
Responsible Officials
Paige Niederer, Date (digitally signed by Paige Niederer, Date: 2013.07.30 16:54:02 -0600)
NRCS, United States Department of Agriculture
This signature certifies that the above PIA responses are provided to the best of my knowledge and understanding.
Approval Signature
Mr. Lian Jin, Date
Acting Chief Information Security Officer, United States Department of Agriculture
This signature certifies that the PTA analysis and PIA determination due diligence has been conducted pursuant to Department guidance and NIST regulations.
the employees, an NRCS assigned timekeeper accesses all the timesheets for that timekeeper's group using authenticated web browser sessions and verifies timesheets against the employee's job assignments, project codes, etc. Once they match, the timekeeper verifies the timesheets inside the application browser window. After the timekeeper verifies the timesheet, the supervisor then certifies that the timesheet is correct according to employee duties and responsibilities. No PII is collected from any of the user types described herein.
Certified time and attendance is linked to individual employee Social Security Number (SSN) and is periodically provided to the USDA National Finance Center (NFC). NFC then issues employee paychecks based upon the data provided. WebTCAS depends on the HR database (and the primary NFC payroll system) for employee PII (i.e., employee names). WebTCAS also depends upon the Program Maintenance Tool (PMT) for non-PII funding data and Office Information Profile (OIP) for non-PII office information.
Authority to operate CST was previously provided via the ATO granted in 2010.
Section 1.0 Characterization of the Information
The following questions are intended to define the scope of the information requested and/or collected, as well as reasons for its collection as part of the program, system, rule or technology being developed.
1.1 What information is collected, used, disseminated or maintained in the system?
WebTCAS does NOT directly collect any PII from any individual.
On a continuing basis, non-PII labor hour information is provided by employees. This includes the hours worked on specific projects, leave hours, arrival / departure times, time taken for lunch, activity codes and extra accrued hours. This non-PII data is collected, used, disseminated and maintained by the WebTCAS system.
WebTCAS connects to the Human Resources (HR) database that is maintained outside the accreditation boundary by HR. PII obtained from HR is used to populate WebTCAS.
• Employee name is the only type of HR PII that is maintained in WebTCAS.
• Employee ID is also obtained from the HR database, but this is considered a business identifier rather than personal identifier.
WebTCAS also creates a transmit file that is used to disseminate timesheets to NFC.
• The records in this file link to employee SSN that is stored in the HR database.
• SSN information is protected by encryption (i.e., hashing) by WebTCAS.
1.2 What are the sources of the information in the system?
PII obtained from HR is used to populate WebTCAS. Employee name is the only type of HR PII that is maintained in WebTCAS. WebTCAS does not directly collect any PII from any individual.
1.3 Why is the information being collected, used, disseminated or maintained?
WebTCAS does not directly collect any PII from any individual.
PII data is used, disseminated and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC.
Note that non-PII data is collected by WebTCAS from employees to produce records from which employee paychecks are derived. This data is also used to produce views and screens used for other time recordkeeping administrative functions.
1.4 How is the information collected?
N/A - WebTCAS does not directly collect any PII from any individual.
1.5 How will the information be checked for accuracy?
N/A - Applicable procedures to allow individuals to check the accuracy of their PII are maintained outside the accreditation boundary for WebTCAS by the HR systems that are the source of the PII used by this application.
For non-PII information, after the timesheets are submitted within the application by the employees, an NRCS assigned timekeeper accesses all the timesheets for that timekeeper's group using authenticated web browser sessions and verifies timesheets against the employee's job assignments, project codes, etc. Once they match, the timekeeper verifies the timesheets inside the application browser window. After the timekeeper verifies the timesheet, the supervisor then certifies that the timesheet is correct according to employee duties and responsibilities.
1.6 What specific legal authorities, arrangements and/or agreements defined the collection of information?
While WebTCAS does not directly collect any PII information from any individual, these references pertain:
• Federal Register No. 75, No. 27, Wednesday, February 10, 2010, Rules and Regulations
• Paperwork Reduction Act of 1995 (44 USC 3501 et seq.)
1.7 Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.
WebTCAS does not directly collect any PII information from any individuals.
The PII that is used by WebTCAS includes only employee names that are obtained from HR This PII data presents minimal privacy risks Employee timesheets must include individual names for obvious reasons The only other identifier used by WebTCAS is the USDA generated employee number which is considered to be a business identifier not a personal identifier Privacy risks associated with the minimallII maintained by WebTCAS are mitigated because access to the information is limited to authorized NRCS personnel by the use of the USDA-OCIOshyeAuthentication application which provides user authentication for NRCS RoleshyBased Access Control (RBAC) provides access enforcement
External privacy risks exist with respect to individual SSNs SSNs arc maintained in the HR database (outside of the WebTCAS accreditation boundary) for the sole purpose of facilitating transfer of individual time and attendance information to NFC NFC requires SSN usage because NFC currently does not recognize any other means of individual identity validation Per NFC policy this privacy risk is mitigated by the use of independently generated password protection for the transmit batch files that contain SSN information which provides further specific encryption protection for this pmticularly sensitive inf01mation
Note SSN lII data is NOT maintained within the WebTCAS application aatabase
Section 20 Uses of the Information
The following questions are intended to delineate clearly the use of information and the accuracy of the data being used
21 Describe all the uses of information
The information is used disseminated and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC As discussed in Section 1 WebTCAS uses PII that was obtained from riR
bull Employee name is the only type ofHR lII that is maintained in WebTCAS bull Employee ID is also obtained from the HRdatabase but this is considered a
business identifier rather than personal identifier
22 What types of tools are used to analyze data and what type of data may be produced
Page6
Privacy Impact Assessment USDA Natrwal Resource Conservation Service WebTCAS
~
NA- WebTCAS does not use any type of tools to analyzeproduce any type oflII
bull Non-lII data in WebTCAS is simply collected and is then validated and verifiebull Data is not manipulated or reformatted (other than being summarized) bull No type oflII data is produced
d
23 If the system uses commercial or publicly avlilable data please explain why and how it is used
NlA- WebTCAS does not use commercial or publicly available data
24 Privacy Impact Analysis Describe any types of controls that may bin place to ensure that information is handled in accordance with thabove described uses
e e
This application is in compliance with the Federal Information Security Management Act of2002 (FISMA) as reflected in CSAM USDA Office of the Chiefinformation Officer (OCIO) Directives and National Institute of Standards and Technology (NIST) guidance including applicable controls provided in these NIST Special Publication 800-53 Revision 3 control families yentr uiltnoct 8~ 1
0 J Avdf ( cll 1115 rsr middot +
o Access Control (AC) o Security Awareness and Training (AT) o Identification and Authentication (IA) o Media Protection (MP) o Physical and Environmental Protection (PE) o Personnel Security (PS) omiddot Risk Assessment (RA) o System and Communication Protection (SC) o System and Information Integrity (SI)
If any residual risks are identified they will be managed and reported via the FISMAmandated risk assessment processes
Section 30 Retention
The following questions are intended to outline how long information will be retained afterthe initial collection
31 How long is information retained
Per NARA General Records Schedule 20 this application-specific infmmation has been authorized by the NRCS Records Manager for erasure or
Page7
Privacy Impact AssessmentUSDA Natural Resource Conservation Service WebTCAS
~
deletion when the agency detetmines that this information is no longer needed for administrative legal audit or other operational purposes
32 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)
Yes
33 Privacy Impact Analysis Please discuss the risks associated with the length of time data is retained and how those risks are mitigated
The primary privacy risk is that a data breach could result in the release of time and attendance information associated with NRCS employees This is mitigated by limited access to the data non-portability ofthe data and controlled storage of the data located in controlled facilities
middotRetention ofapplication-specific data is required to meet business and organizational requirements for this particular information system The risks associated with retaining application-specific information are mitigated by the controls discussed above
Section 40 Internal Sharing and Disclosure
The following questions are intended to defme the scope ofsharing within the United States Department of Agriculture
41 With which internal organization(s) is the information shared what information is shared and for what purpose
WebTCAS shares (receives) PIT from the Human Resources (HR) database which is maintained outside the accreditation boundary by HR The employee name is the only type ofHR PIT that is maintained within WebTCAS
WebTCAS automatically shares (transmits) the time and attendance data via batch process output to the NFC
42 How is the information tmnsmitted or disclosed
Transmission of time and attendance data via batch process output to the NFC is accomplished via password-protected (encrypted) files sent that are over a dedicated line for security purposes Passwords for connecting to NFC to enable transmitting the files are handled by the WebTCAS coordinators to ensure separation ofduties (SOD)
Pages
Privacy Impact Assessment USDA Natural Resource Conservation Service WebTCAS
~
43 Privacy ImpactAnalysis Considering the extent of internal middot information sharing discuss the privacy risks associated with the sharing and how they were mitigated
Privacy risks are mitigated by ensuring that the sharing of sensitive PIT with the NFC (which holds such data independently) is only perfonned by means ofpassword protected (encrypted) transmissions Any residual risks are mitigated by the controls discussed in Section 24 above
Section 50 External Sharing and Disclosure
The following questions are intended to define the content scope and authority for information sharing external to USDA which includes Federal state and local govermnent and the private sector
51 With which external organization(s) is the information shared what information is shared and for what purpose
NA- PII is not shared or disclosed with organizations that are external to the USDA
Note that WebTCAS does not share disclose or transmit any information to the IRS
52 Is the sharing of personally identifiable information outside the Department compatible with the original collection If so is it covered by an appropriate routine use in aSORN Ifso please describe Ifnot please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA
NA- PII is not shared or disclosed with organizations that are external to the USDA
53 How is the information shared outside the Department and what secmmiddotity measures safeguard its transmission middot middot
NA- PII is not shared or disclosed with organizations that are external to the USDA
54 Privacy Impact Analysis Given the external sharing explain the privacy risks identified and describe bow they were mitigated
Privacy risks are mitigated by vhtue of NOT sharing information external to the USDA Any residual risks are mitigated by the controls discussed in Section 24 above
Page9
Privacy Impact Assessment Natural Resowmiddotce Conservation Service WebTCAS
Section 60 Notice
The following questions are directed at notice to the individual ofthe scope of information collected the right to consent to uses ofsaid information and the right to decline to provide infmmation
61 Was notice provided to the individual prior to collection of information middot
NA- No notice is provided because no PII is collected from any individual by this application
62 Do individuals have the opportunity andor right to decline to provideinformation
NA- No PIT is collected from any individual by this application
63 Do individuals have the right to consent to particular uses of the information If so how does the individual exercise the right
NA- No PII is collected from any individual by this application
64 Privacy Impact Analysis Describe how notice is provided to individuals and how the risks associated with individuals being unaware ofthe collection are mitigated
bull
Notice does not need to be provided to individuals There is no risk that an individual would be unaware of collection because DQ PII is collected from any individual by this application
Section 70 Access Redress and Correction
The following questions are directed at an individuals ability to ensure the accuracy of the infonnation collected about them
71 What are the procedures that allow individuals to gain access to their information
NA- Applicable procedures to allow individuals to gain access to their information are maintained outside ofthe accreditation boundary othis application by Human Resources (HR) which is the source of the PII used by this application
72middot What are the procedures for correcting inaccurate or erroneous information
Page 10
Privacy Impact Assessment USDA Natwmiddotal Resource Conservation Service WebTCAS~--
NlA- Applicable procedures for correcting inaccurate or erroneous information are maintained outside ofthe accreditation boundary ofthis application by Human Resources (HR) which is the source ofthe PIT used by this application
73 How are individuals notified of the procedures for correcting their information
N A -Applicable notification is provided by Human Resources (HR) which is the source of the PIT used by this application
74 Ifno formal redress is provided what alternatives are available to the individual
NA-see 73
75 Privacy Impact Analysis Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated
Privacy risks associated with redress that is available to individuals are fully mitigated since individuals can use applicable HR procedures to update their original records in the HR source systems
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1 What procedures are in place to determine which users may access the system and are they documented?
Access to the WebTCAS application is determined via a valid eAuthentication ID and password (level II) on a valid "need to know" basis, determined by requirements to perform applicable official duties. The application has documented Access Control Procedures, in compliance with FISMA and USDA directives. See Section 2.4.
8.2 Will Department contractors have access to the system?
No.
8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system.
NRCS requires that every employee and contractor receives information security awareness training before being granted network and account access, per General Manual, Title 270, Part 409 - Logical Access Control and Account Management. Annual Security Awareness and Specialized Training are also required per FISMA and USDA policy, and this training is tracked by USDA.
8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?
Yes. Recertification in progress, scheduled to be complete by 92013.
8.5 What auditing measures and technical safeguards are in place to prevent misuse of data?
NRCS complies with the Federal Information Security Management Act of 2002 (FISMA). Assessment and Accreditation, as well as annual key control self-assessments and continuous monitoring procedures, are implemented for this application per the requirements given in National Institute of Standards and Technology (NIST) Special Publication 800-53. Additionally, NRCS complies with the specific security requirements for "auditing measures and technical safeguards" provided in OMB M-07-16. Finally, the system provides technical safeguards to prevent misuse of data, including:
• Confidentiality: Encryption is implemented to secure data at rest and in transit for this application (e.g., by FIPS 140-2 compliant HTTPS and end-user hard disk encryption).
• Integrity: Masking of applicable information is performed for this application (e.g., passwords are masked by eAuth).
• Access Control: The system implements least privileges and need to know to control access to PII (e.g., by RBAC).
• Authentication: Access to the system and session timeout is implemented for this application (e.g., by eAuth and via multi-factor authentication for remote access).
• Audit: Logging is implemented for this application (e.g., by logging infrastructure).
• Attack Mitigation: The system implements security mechanisms such as input validation.
Notice: For the privacy notice control, please see Section 6, which addresses notice. For the privacy redress control, please see Section 7, which addresses redress.
8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?
WebTCAS does not directly collect any PII from any individual, but WebTCAS does utilize PII within the system which is obtained from HR and transmitted to NFC (see Section 1.0 above). Data extracts containing PII are not regularly obtained from the system; therefore, privacy risk from this area is limited and addressed through IT Data Extract processes controls.
Any privacy risks identified in this system are mitigated by the security and privacy safeguards provided in Section 8.5, and by the security controls discussed in Section 2.4 above. Remediation of privacy risks associated with internal/external sharing is addressed in PIA Sections 4 and 5, respectively.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware and other technology.
9.1 What type of project is the program or system?
This is a legacy application that is hosted on devices using common COTS hardware and software, configured in accordance with USDA baseline configurations for servers and web portals.
9.2 Does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.
No. The project utilizes Agency approved technologies, and these technology choices do not raise privacy concerns.
Section 10.0 Third Party Websites/Applications
The following questions are directed at critically analyzing the privacy impact of using third party websites and/or applications.
10.1 Has the System Owner (SO) and/or Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22 "Guidance for Online Use of Web Measurement and Customization Technology" and M-10-23 "Guidance for Agency Use of Third-Party Websites and Applications"?
Yes.
10.2 What is the specific purpose of the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.3 What personally identifiable information (PII) will become available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.4 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be used?
N/A - 3rd party websites / applications are not used.
10.5 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be maintained and secured?
N/A - 3rd party websites / applications are not used.
10.6 Is the PII that becomes available through the agency's use of 3rd party websites and/or applications purged periodically?
N/A - 3rd party websites / applications are not used.
10.7 Who will have access to PII that becomes available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.8 With whom will the PII that becomes available through the agency's use of 3rd party websites and/or applications be shared - either internally or externally?
N/A - 3rd party websites / applications are not used.
10.9 Will the activities involving the PII that becomes available through the agency's use of 3rd party websites and/or applications require either the creation or modification of a system of records notice (SORN)?
N/A - 3rd party websites / applications are not used.
10.10 Does the system use web measurement and customization technology?
No. The system does not use web measurement and customization technology.
10.11 Does the system allow users to either decline to opt-in or decide to opt-out of all uses of web measurement and customization technology?
N/A - See 10.10
10.12 Privacy Impact Analysis: Given the amount and type of PII that becomes available through the agency's use of 3rd party websites and/or applications, discuss the privacy risks identified and how they were mitigated.
Privacy risks are nominal. WebTCAS does not provide access or link to Third Party Applications. In addition, the system does not use web measurement and/or customization technology.
Responsible Officials
Paige Niederer    Date
NRCS, United States Department of Agriculture
[Digitally signed. Date: 2013.07.30 16:54:02 -06'00']
This signature certifies that the above PIA responses are provided to the best of my knowledge and understanding.
Approval Signature
Mr. Lian Jin    Date
Acting Chief Information Security Officer
United States Department of Agriculture
This signature certifies that the PTA analysis and PIA determination due diligence has been conducted pursuant to Department guidance and NIST regulations.
PII obtained from HR is used to populate WebTCAS. Employee name is the only type of HR PII that is maintained in WebTCAS. WebTCAS does not directly collect any PII from any individual.
1.3 Why is the information being collected, used, disseminated, or maintained?
WebTCAS does not directly collect any PII from any individual.
PII data is used, disseminated and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC.
Note that non-PII data is collected by WebTCAS from employees to produce records from which employee paychecks are derived. This data is also used to produce views and screens used for other time recordkeeping administrative functions.
1.4 How is the information collected?
N/A - WebTCAS does not directly collect any PII from any individual.
1.5 How will the information be checked for accuracy?
N/A - Applicable procedures to allow individuals to check the accuracy of their PII are maintained outside the accreditation boundary for WebTCAS by the HR systems that are the source of the PII used by this application.
For non-PII information, after the timesheets are submitted within the application by the employees, an NRCS assigned timekeeper accesses all the timesheets for that timekeeper's group using authenticated web browser sessions and verifies timesheets against the employee's job assignments, project codes, etc. Once they match, the timekeeper verifies the timesheets inside the application browser window. After the timekeeper verifies the timesheet, the supervisor then certifies that the timesheet is correct according to employee duties and responsibilities.
1.6 What specific legal authorities, arrangements, and/or agreements defined the collection of information?
While WebTCAS does not directly collect any PII information from any individual, these references pertain:
• Federal Register No. 75, No. 27, Wednesday, February 10, 2010, Rules and Regulations
• Paperwork Reduction Act of 1995 (44 U.S.C. 3501 et seq.)
1.7 Privacy Impact Analysis: Given the amount and type of data collected, discuss the privacy risks identified and how they were mitigated.
WebTCAS does not directly collect any PII information from any individuals.
The PII that is used by WebTCAS includes only employee names that are obtained from HR. This PII data presents minimal privacy risks. Employee timesheets must include individual names for obvious reasons. The only other identifier used by WebTCAS is the USDA generated employee number, which is considered to be a business identifier, not a personal identifier. Privacy risks associated with the minimal PII maintained by WebTCAS are mitigated because access to the information is limited to authorized NRCS personnel by the use of the USDA-OCIO-eAuthentication application, which provides user authentication for NRCS. Role-Based Access Control (RBAC) provides access enforcement.
External privacy risks exist with respect to individual SSNs. SSNs are maintained in the HR database (outside of the WebTCAS accreditation boundary) for the sole purpose of facilitating transfer of individual time and attendance information to NFC. NFC requires SSN usage because NFC currently does not recognize any other means of individual identity validation. Per NFC policy, this privacy risk is mitigated by the use of independently generated password protection for the transmit batch files that contain SSN information, which provides further specific encryption protection for this particularly sensitive information.
Note: SSN PII data is NOT maintained within the WebTCAS application database.
Section 2.0 Uses of the Information
The following questions are intended to delineate clearly the use of information and the accuracy of the data being used.
2.1 Describe all the uses of information.
The information is used, disseminated and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC. As discussed in Section 1, WebTCAS uses PII that was obtained from HR.
• Employee name is the only type of HR PII that is maintained in WebTCAS.
• Employee ID is also obtained from the HR database, but this is considered a business identifier rather than personal identifier.
2.2 What types of tools are used to analyze data and what type of data may be produced?
N/A - WebTCAS does not use any type of tools to analyze/produce any type of PII.
• Non-PII data in WebTCAS is simply collected and is then validated and verified.
• Data is not manipulated or reformatted (other than being summarized).
• No type of PII data is produced.
2.3 If the system uses commercial or publicly available data, please explain why and how it is used.
N/A - WebTCAS does not use commercial or publicly available data.
2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses.
This application is in compliance with the Federal Information Security Management Act of 2002 (FISMA) as reflected in CSAM, USDA Office of the Chief Information Officer (OCIO) Directives, and National Institute of Standards and Technology (NIST) guidance, including applicable controls provided in these NIST Special Publication 800-53 Revision 3 control families:
o Access Control (AC)
o Security Awareness and Training (AT)
o Identification and Authentication (IA)
o Media Protection (MP)
o Physical and Environmental Protection (PE)
o Personnel Security (PS)
o Risk Assessment (RA)
o System and Communication Protection (SC)
o System and Information Integrity (SI)
If any residual risks are identified, they will be managed and reported via the FISMA-mandated risk assessment processes.
Section 3.0 Retention
The following questions are intended to outline how long information will be retained after the initial collection.
3.1 How long is information retained?
Per NARA General Records Schedule 20, this application-specific information has been authorized by the NRCS Records Manager for erasure or deletion when the agency determines that this information is no longer needed for administrative, legal, audit, or other operational purposes.
3.2 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)?
Yes.
3.3 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated.
The primary privacy risk is that a data breach could result in the release of time and attendance information associated with NRCS employees. This is mitigated by limited access to the data, non-portability of the data and controlled storage of the data located in controlled facilities.
Retention of application-specific data is required to meet business and organizational requirements for this particular information system. The risks associated with retaining application-specific information are mitigated by the controls discussed above.
Section 4.0 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the United States Department of Agriculture.
4.1 With which internal organization(s) is the information shared, what information is shared and for what purpose?
WebTCAS shares (receives) PII from the Human Resources (HR) database, which is maintained outside the accreditation boundary by HR. The employee name is the only type of HR PII that is maintained within WebTCAS.
WebTCAS automatically shares (transmits) the time and attendance data via batch process output to the NFC.
4.2 How is the information transmitted or disclosed?
Transmission of time and attendance data via batch process output to the NFC is accomplished via password-protected (encrypted) files that are sent over a dedicated line for security purposes. Passwords for connecting to NFC to enable transmitting the files are handled by the WebTCAS coordinators to ensure separation of duties (SOD).
4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated.
Privacy risks are mitigated by ensuring that the sharing of sensitive PII with the NFC (which holds such data independently) is only performed by means of password protected (encrypted) transmissions. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 5.0 External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to USDA, which includes Federal, state and local government, and the private sector.
5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
Note that WebTCAS does not share, disclose, or transmit any information to the IRS.
5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA.
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.3 How is the information shared outside the Department and what security measures safeguard its transmission?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated.
Privacy risks are mitigated by virtue of NOT sharing information external to the USDA. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.
6.1 Was notice provided to the individual prior to collection of information?
N/A - No notice is provided because no PII is collected from any individual by this application.
6.2 Do individuals have the opportunity and/or right to decline to provide information?
N/A - No PII is collected from any individual by this application.
63 Do individuals have the right to consent to particular uses of the information If so how does the individual exercise the right
NA- No PII is collected from any individual by this application
64 Privacy Impact Analysis Describe how notice is provided to individuals and how the risks associated with individuals being unaware ofthe collection are mitigated
bull
Notice does not need to be provided to individuals There is no risk that an individual would be unaware of collection because DQ PII is collected from any individual by this application
Section 70 Access Redress and Correction
The following questions are directed at an individuals ability to ensure the accuracy of the infonnation collected about them
71 What are the procedures that allow individuals to gain access to their information
NA- Applicable procedures to allow individuals to gain access to their information are maintained outside ofthe accreditation boundary othis application by Human Resources (HR) which is the source of the PII used by this application
72middot What are the procedures for correcting inaccurate or erroneous information
Page 10
Privacy Impact Assessment USDA Natwmiddotal Resource Conservation Service WebTCAS~--
NlA- Applicable procedures for correcting inaccurate or erroneous information are maintained outside ofthe accreditation boundary ofthis application by Human Resources (HR) which is the source ofthe PIT used by this application
73 How are individuals notified of the procedures for correcting their information
N A -Applicable notification is provided by Human Resources (HR) which is the source of the PIT used by this application
74 Ifno formal redress is provided what alternatives are available to the individual
NA-see 73
75 Privacy Impact Analysis Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated
Privacy risks associated with redress that is available to individuals are fully mitigated since individuals can use applicable HR procedures to update their original records in the HR source systems
Section 80 Technical Access and Security
The following questions are intended to describe teclmical safeguards and security measures
81 What procedures are in place to determine which users may access the system and are they documented
Access to the WebTCAS application is determined via a valid eAuthentication ID and password (level II) on a valid need to know basis determined by requirements to perform applicable official duties The application has documented Access Control Procedures in compliance with FISMA and USDA directives See Section 24
82 Will Department contractors have access to the system
No
83 Describe what privacy training is provided to users either generally or specifically relevant to the program or system
NRCS requires that every employee and contractor receives information security awareness training before being granted network and account access per General
Page 11
Privacy Impact Assessment Natural Resource Consenbullation Service WebTCAS
Manual Title 270 Part 409 -Logical Aceess ControI and Account Management Annual Security Awareness and Specialized Training are also required per FISMA and USDA policy and this training is tracked by USDA
84 Has Certification amp Accreditation been completed for the system or systems supporting the program
Yes Recertification in progress scheduled to be complete by 92013
85 What auditing measures and technical safeguards are in place to prevent misuse of data
NRCS complies with the Federal Information Security Management Act of2002 (FISMA) Assessment and Accreditation as well as atmual key control selfshyassessments and continuous monitoring procedures are implemented for this application per the requirements given in National Institute of Standards and Technology (NIST) Special Publication 800-53 Additionally NRCS complies with the specific securityrequirements for auditing measures and technical safeguards provided in OMB M-07-16 Finally the system provides technical safeguards to prevent misuse of data including
bull Confidentiality encryption is implemented to secure data at rest and in transit for this application (eg by FIPS 140-2 compliant HTTPS and end-user hard disk encryption)
bull Integrity Masking of applicable information is performed for this application (eg passwords are masked by eAuth)
bull middot Access Control The systems implements least privileges and need to know to control access to PII (eg by RBAC)
bull Authentication Access to the system and session timeout is implemented for this application (eg by eAuth and via multi-factor authentication for remote access)
bull Audit logging is implemented for this application (eg by logging infrastructure) bull Attack Mitigation The system implements security mechanisms such as input
validation
Notice For the privacy notice control please see Section 6 which addresses notice Formiddot the privacy redress control please see Section 7 which addresses redress
86 Privacy Impact Analysis Given the sensitivity and scope of the information collected as well as any information sharing conducted (Ill the system what privacy risks were identified and how do the security controls mitigate them
WebTCAS does not directly collect any PII from any individual but WebTCAS does utilize PII within the system which is obtained from HR and transmitted to NFC (see
Page 12
Privacy Impact Assessment Natural Resource Conservation Service WebTCAS
Section 10 above) Data extracts containing PII are not regularly obtained from the system therefore privacy risk from this area is limited and addressed through IT Data Extract processes controls
Any privacy risks identified in this system are mitigated by the security and privacy safeguards provided in Section 85 and by the security controls discussed in Section 24 above Remediation of privacy risks associated with internalexternal sharing are addressed in PIA Sections 4 and 5 respectively
Section 90 Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system including system hardware and other teclmology
91 What type of project is the program or system
This is a legacy application that is hosted on devices using common COTS hardware and software configured in accordance with USDA baseline configurations for servers and web portals
92 Does the project employ technology which may raise privacy concerns If so please discuss their implementation
No The project utilizes Agency approved technologies and these technology choices do not raise privacy concerns
Section 100 Third Party WebsitesApplications
The following questions are directed at critically analyzing the privacy impact ofusing third party websites andor applications
101 Has the System Owner (SO) andor Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22 Guidance for Online Use of Web Measurement and Customization Technology and M-10-23 Guidance for Agency Use of Third-Party Websites and Applications
Yes
102 What is the specific pmpose of the agencys use of3rd party websites andor applications
NA- 3rd party websites I applications are not used
Page 13
Privacy Impact Assessment USDA Natural Resource Conservation Service WebTCAS2 11 I
103 What personally identifiable information (PII) will become available through the agencys use of 3rd party websites andor applications
NlA- 3rd party websites I applications are not used
104 How will the PII that becomes available through the agencys use of 3rd party websites andor applications be used
NlA- 3rd party websites I applications are not used
105 How will the PII that becomes available through the agencys use of 3rd party websites andor applications be maintained and secured
NlA- 3rd party websites I applications are not used
106 Is the PH that becomes available through the agencys use of3rd party websites andor applications purged periodically
NIA- 3rd party websites I applications are not used
107 Who will have access to PII that becomes available through the agencys use of 3rd party websites andor applications
NlA- 3rd party websites I applications are not used
108 With whom wiD the PII that becomes available through the agencys use of 3rd party websites andor applications be shared - either internally or externally
NIA- 3rd party websites I applications are not used
109 Will the activities involving the PII that becomes available through the agencys use of 3rd party websites andor applications require either the creation or modification of a system of records notice (SORN)
NlA- 3rd party websites I applications are not used
1010 Does the system use web measurement and customization technology
No The system does not use web measurement and customization teclmology
Page 14
Privacy Impact Assessment Natural Resource Conservation Service 1VebTCAS
1011 Does the system allow users to either decline to opt-in or decide to opt-out of of all uses of web measurement and customization technology
NA- See 1010
1012 Privacy Impact Analysis Given the amount and type of PII that becomes available through the agencys use of 3rd party websites andor applications discuss the privacy risks identified and how they were mitigated
Privacy risks are nominal WebTCAS does not provide access or link to Third Party Applications In addition the system does not use web measurement andor customization technology
Page 15
Privacy Impact Assessment Natural Resource Consenbullation Service Web1CAS
Pa )Digitally signed bybull ipalgenledererusdagovmiddot i lJN cn=palgenledererregusdagov
USdagov - Date20130730165402-0600
Paige Niederer Date
Responsible Officials
ige niederer
NRCS United States Department ofAgriculture This signature certifies that the above PIA responses are provided to the best of my knowledge and understanding
Approval Signature
Mr Lian Jin Date Acting Chiefinformation Security Officer United States Department ofAgriculture This signature certifies that the PTA analysis and PIA determination due diligence has been conducted pursuant to Department guidance and NIST regulations
Page 16
Privacy Impact Assessment USDA Natural Resource Conservation Service WebTCAS middot2 1 I
17 Privacy Impact Analysis Given the amount and type of data collected discuss the privacy risks identified and how they were mitigated
WebTCAS does not directly collect any PII information from any individuals
The PII that is used by WebTCAS includes only employee names that are obtained from HR This PII data presents minimal privacy risks Employee timesheets must include individual names for obvious reasons The only other identifier used by WebTCAS is the USDA generated employee number which is considered to be a business identifier not a personal identifier Privacy risks associated with the minimallII maintained by WebTCAS are mitigated because access to the information is limited to authorized NRCS personnel by the use of the USDA-OCIOshyeAuthentication application which provides user authentication for NRCS RoleshyBased Access Control (RBAC) provides access enforcement
External privacy risks exist with respect to individual SSNs SSNs arc maintained in the HR database (outside of the WebTCAS accreditation boundary) for the sole purpose of facilitating transfer of individual time and attendance information to NFC NFC requires SSN usage because NFC currently does not recognize any other means of individual identity validation Per NFC policy this privacy risk is mitigated by the use of independently generated password protection for the transmit batch files that contain SSN information which provides further specific encryption protection for this pmticularly sensitive inf01mation
Note SSN lII data is NOT maintained within the WebTCAS application aatabase
Section 20 Uses of the Information
The following questions are intended to delineate clearly the use of information and the accuracy of the data being used
21 Describe all the uses of information
The information is used disseminated and maintained by WebTCAS to A) obtain time and attendance data and B) to send a transmit file containing timesheets to NFC As discussed in Section 1 WebTCAS uses PII that was obtained from riR
bull Employee name is the only type ofHR lII that is maintained in WebTCAS bull Employee ID is also obtained from the HRdatabase but this is considered a
business identifier rather than personal identifier
22 What types of tools are used to analyze data and what type of data may be produced
Page6
Privacy Impact Assessment USDA Natrwal Resource Conservation Service WebTCAS
~
N/A - WebTCAS does not use any type of tools to analyze/produce any type of PII.
• Non-PII data in WebTCAS is simply collected and is then validated and verified.
• Data is not manipulated or reformatted (other than being summarized).
• No type of PII data is produced.
2.3 If the system uses commercial or publicly available data, please explain why and how it is used.
N/A - WebTCAS does not use commercial or publicly available data.
2.4 Privacy Impact Analysis: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses.
This application is in compliance with the Federal Information Security Management Act of 2002 (FISMA) as reflected in CSAM, USDA Office of the Chief Information Officer (OCIO) Directives, and National Institute of Standards and Technology (NIST) guidance, including applicable controls provided in these NIST Special Publication 800-53 Revision 3 control families:
o Access Control (AC)
o Security Awareness and Training (AT)
o Identification and Authentication (IA)
o Media Protection (MP)
o Physical and Environmental Protection (PE)
o Personnel Security (PS)
o Risk Assessment (RA)
o System and Communication Protection (SC)
o System and Information Integrity (SI)
If any residual risks are identified, they will be managed and reported via the FISMA-mandated risk assessment processes.
Section 3.0 Retention
The following questions are intended to outline how long information will be retained after the initial collection.
3.1 How long is information retained?
Per NARA General Records Schedule 20, this application-specific information has been authorized by the NRCS Records Manager for erasure or deletion when the agency determines that this information is no longer needed for administrative, legal, audit, or other operational purposes.
3.2 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)?
Yes.
3.3 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated.
The primary privacy risk is that a data breach could result in the release of time and attendance information associated with NRCS employees. This is mitigated by limited access to the data, non-portability of the data, and controlled storage of the data located in controlled facilities.
Retention of application-specific data is required to meet business and organizational requirements for this particular information system. The risks associated with retaining application-specific information are mitigated by the controls discussed above.
Section 4.0 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the United States Department of Agriculture.
4.1 With which internal organization(s) is the information shared, what information is shared, and for what purpose?
WebTCAS shares (receives) PII from the Human Resources (HR) database, which is maintained outside the accreditation boundary by HR. The employee name is the only type of HR PII that is maintained within WebTCAS.
WebTCAS automatically shares (transmits) the time and attendance data via batch process output to the NFC.
4.2 How is the information transmitted or disclosed?
Transmission of time and attendance data via batch process output to the NFC is accomplished via password-protected (encrypted) files that are sent over a dedicated line for security purposes. Passwords for connecting to NFC to enable transmitting the files are handled by the WebTCAS coordinators to ensure separation of duties (SOD).
4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated.
Privacy risks are mitigated by ensuring that the sharing of sensitive PII with the NFC (which holds such data independently) is only performed by means of password protected (encrypted) transmissions. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 5.0 External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to USDA, which includes Federal, state and local government, and the private sector.
5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
Note that WebTCAS does not share, disclose, or transmit any information to the IRS.
5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA.
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.3 How is the information shared outside the Department and what security measures safeguard its transmission?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated.
Privacy risks are mitigated by virtue of NOT sharing information external to the USDA. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.
6.1 Was notice provided to the individual prior to collection of information?
N/A - No notice is provided because no PII is collected from any individual by this application.
6.2 Do individuals have the opportunity and/or right to decline to provide information?
N/A - No PII is collected from any individual by this application.
6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
N/A - No PII is collected from any individual by this application.
6.4 Privacy Impact Analysis: Describe how notice is provided to individuals, and how the risks associated with individuals being unaware of the collection are mitigated.
Notice does not need to be provided to individuals. There is no risk that an individual would be unaware of collection because no PII is collected from any individual by this application.
Section 7.0 Access, Redress and Correction
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
7.1 What are the procedures that allow individuals to gain access to their information?
N/A - Applicable procedures to allow individuals to gain access to their information are maintained outside of the accreditation boundary of this application by Human Resources (HR), which is the source of the PII used by this application.
7.2 What are the procedures for correcting inaccurate or erroneous information?
N/A - Applicable procedures for correcting inaccurate or erroneous information are maintained outside of the accreditation boundary of this application by Human Resources (HR), which is the source of the PII used by this application.
7.3 How are individuals notified of the procedures for correcting their information?
N/A - Applicable notification is provided by Human Resources (HR), which is the source of the PII used by this application.
7.4 If no formal redress is provided, what alternatives are available to the individual?
N/A - see 7.3
7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated.
Privacy risks associated with redress that is available to individuals are fully mitigated, since individuals can use applicable HR procedures to update their original records in the HR source systems.
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1 What procedures are in place to determine which users may access the system and are they documented?
Access to the WebTCAS application is determined via a valid eAuthentication ID and password (level II) on a valid need to know basis, determined by requirements to perform applicable official duties. The application has documented Access Control Procedures, in compliance with FISMA and USDA directives. See Section 2.4.
8.2 Will Department contractors have access to the system?
No.
8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system.
NRCS requires that every employee and contractor receives information security awareness training before being granted network and account access, per General Manual, Title 270, Part 409 - Logical Access Control and Account Management. Annual Security Awareness and Specialized Training are also required, per FISMA and USDA policy, and this training is tracked by USDA.
8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?
Yes. Recertification in progress, scheduled to be complete by 92013.
8.5 What auditing measures and technical safeguards are in place to prevent misuse of data?
NRCS complies with the Federal Information Security Management Act of 2002 (FISMA). Assessment and Accreditation, as well as annual key control self-assessments and continuous monitoring procedures, are implemented for this application per the requirements given in National Institute of Standards and Technology (NIST) Special Publication 800-53. Additionally, NRCS complies with the specific security requirements for auditing measures and technical safeguards provided in OMB M-07-16. Finally, the system provides technical safeguards to prevent misuse of data, including:
• Confidentiality: Encryption is implemented to secure data at rest and in transit for this application (e.g., by FIPS 140-2 compliant HTTPS and end-user hard disk encryption).
• Integrity: Masking of applicable information is performed for this application (e.g., passwords are masked by eAuth).
• Access Control: The system implements least privileges and need to know to control access to PII (e.g., by RBAC).
• Authentication: Access to the system and session timeout is implemented for this application (e.g., by eAuth and via multi-factor authentication for remote access).
• Audit: Logging is implemented for this application (e.g., by logging infrastructure).
• Attack Mitigation: The system implements security mechanisms such as input validation.
Notice: For the privacy notice control, please see Section 6, which addresses notice. For the privacy redress control, please see Section 7, which addresses redress.
8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?
WebTCAS does not directly collect any PII from any individual, but WebTCAS does utilize PII within the system, which is obtained from HR and transmitted to NFC (see Section 1.0 above). Data extracts containing PII are not regularly obtained from the system; therefore, privacy risk from this area is limited and addressed through IT Data Extract processes controls.
Any privacy risks identified in this system are mitigated by the security and privacy safeguards provided in Section 8.5, and by the security controls discussed in Section 2.4 above. Remediation of privacy risks associated with internal/external sharing are addressed in PIA Sections 4 and 5, respectively.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware and other technology.
9.1 What type of project is the program or system?
This is a legacy application that is hosted on devices using common COTS hardware and software configured in accordance with USDA baseline configurations for servers and web portals.
9.2 Does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.
No. The project utilizes Agency approved technologies, and these technology choices do not raise privacy concerns.
Section 10.0 Third Party Websites/Applications
The following questions are directed at critically analyzing the privacy impact of using third party websites and/or applications.
10.1 Has the System Owner (SO) and/or Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22 "Guidance for Online Use of Web Measurement and Customization Technology" and M-10-23 "Guidance for Agency Use of Third-Party Websites and Applications"?
Yes.
10.2 What is the specific purpose of the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.3 What personally identifiable information (PII) will become available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.4 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be used?
N/A - 3rd party websites / applications are not used.
10.5 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be maintained and secured?
N/A - 3rd party websites / applications are not used.
10.6 Is the PII that becomes available through the agency's use of 3rd party websites and/or applications purged periodically?
N/A - 3rd party websites / applications are not used.
10.7 Who will have access to PII that becomes available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.8 With whom will the PII that becomes available through the agency's use of 3rd party websites and/or applications be shared - either internally or externally?
N/A - 3rd party websites / applications are not used.
10.9 Will the activities involving the PII that becomes available through the agency's use of 3rd party websites and/or applications require either the creation or modification of a system of records notice (SORN)?
N/A - 3rd party websites / applications are not used.
10.10 Does the system use web measurement and customization technology?
No. The system does not use web measurement and customization technology.
10.11 Does the system allow users to either decline to opt-in or decide to opt-out of all uses of web measurement and customization technology?
N/A - See 10.10
10.12 Privacy Impact Analysis: Given the amount and type of PII that becomes available through the agency's use of 3rd party websites and/or applications, discuss the privacy risks identified and how they were mitigated.
Privacy risks are nominal. WebTCAS does not provide access or link to Third Party Applications. In addition, the system does not use web measurement and/or customization technology.
Responsible Officials
Paige Niederer (digitally signed, Date: 2013.07.30 16:54:02 -06:00)
NRCS, United States Department of Agriculture
This signature certifies that the above PIA responses are provided to the best of my knowledge and understanding.
Approval Signature
Mr. Lian Jin
Acting Chief Information Security Officer, United States Department of Agriculture
This signature certifies that the PTA analysis and PIA determination due diligence has been conducted pursuant to Department guidance and NIST regulations.
Page 16
Privacy Impact Assessment USDA Natrwal Resource Conservation Service WebTCAS
~
NA- WebTCAS does not use any type of tools to analyzeproduce any type oflII
bull Non-lII data in WebTCAS is simply collected and is then validated and verifiebull Data is not manipulated or reformatted (other than being summarized) bull No type oflII data is produced
d
23 If the system uses commercial or publicly avlilable data please explain why and how it is used
NlA- WebTCAS does not use commercial or publicly available data
24 Privacy Impact Analysis Describe any types of controls that may bin place to ensure that information is handled in accordance with thabove described uses
e e
This application is in compliance with the Federal Information Security Management Act of2002 (FISMA) as reflected in CSAM USDA Office of the Chiefinformation Officer (OCIO) Directives and National Institute of Standards and Technology (NIST) guidance including applicable controls provided in these NIST Special Publication 800-53 Revision 3 control families yentr uiltnoct 8~ 1
0 J Avdf ( cll 1115 rsr middot +
o Access Control (AC) o Security Awareness and Training (AT) o Identification and Authentication (IA) o Media Protection (MP) o Physical and Environmental Protection (PE) o Personnel Security (PS) omiddot Risk Assessment (RA) o System and Communication Protection (SC) o System and Information Integrity (SI)
If any residual risks are identified they will be managed and reported via the FISMAmandated risk assessment processes
Section 30 Retention
The following questions are intended to outline how long information will be retained afterthe initial collection
31 How long is information retained
Per NARA General Records Schedule 20 this application-specific infmmation has been authorized by the NRCS Records Manager for erasure or
Page7
Privacy Impact AssessmentUSDA Natural Resource Conservation Service WebTCAS
~
deletion when the agency detetmines that this information is no longer needed for administrative legal audit or other operational purposes
32 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)
Yes
33 Privacy Impact Analysis Please discuss the risks associated with the length of time data is retained and how those risks are mitigated
The primary privacy risk is that a data breach could result in the release of time and attendance information associated with NRCS employees This is mitigated by limited access to the data non-portability ofthe data and controlled storage of the data located in controlled facilities
middotRetention ofapplication-specific data is required to meet business and organizational requirements for this particular information system The risks associated with retaining application-specific information are mitigated by the controls discussed above
Section 40 Internal Sharing and Disclosure
The following questions are intended to defme the scope ofsharing within the United States Department of Agriculture
41 With which internal organization(s) is the information shared what information is shared and for what purpose
WebTCAS shares (receives) PIT from the Human Resources (HR) database which is maintained outside the accreditation boundary by HR The employee name is the only type ofHR PIT that is maintained within WebTCAS
WebTCAS automatically shares (transmits) the time and attendance data via batch process output to the NFC
42 How is the information tmnsmitted or disclosed
Transmission of time and attendance data via batch process output to the NFC is accomplished via password-protected (encrypted) files sent that are over a dedicated line for security purposes Passwords for connecting to NFC to enable transmitting the files are handled by the WebTCAS coordinators to ensure separation ofduties (SOD)
Pages
Privacy Impact Assessment USDA Natural Resource Conservation Service WebTCAS
~
43 Privacy ImpactAnalysis Considering the extent of internal middot information sharing discuss the privacy risks associated with the sharing and how they were mitigated
Privacy risks are mitigated by ensuring that the sharing of sensitive PIT with the NFC (which holds such data independently) is only perfonned by means ofpassword protected (encrypted) transmissions Any residual risks are mitigated by the controls discussed in Section 24 above
Section 50 External Sharing and Disclosure
The following questions are intended to define the content scope and authority for information sharing external to USDA which includes Federal state and local govermnent and the private sector
51 With which external organization(s) is the information shared what information is shared and for what purpose
NA- PII is not shared or disclosed with organizations that are external to the USDA
Note that WebTCAS does not share disclose or transmit any information to the IRS
52 Is the sharing of personally identifiable information outside the Department compatible with the original collection If so is it covered by an appropriate routine use in aSORN Ifso please describe Ifnot please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA
NA- PII is not shared or disclosed with organizations that are external to the USDA
53 How is the information shared outside the Department and what secmmiddotity measures safeguard its transmission middot middot
NA- PII is not shared or disclosed with organizations that are external to the USDA
54 Privacy Impact Analysis Given the external sharing explain the privacy risks identified and describe bow they were mitigated
Privacy risks are mitigated by vhtue of NOT sharing information external to the USDA Any residual risks are mitigated by the controls discussed in Section 24 above
Page9
Privacy Impact Assessment Natural Resowmiddotce Conservation Service WebTCAS
Section 60 Notice
The following questions are directed at notice to the individual ofthe scope of information collected the right to consent to uses ofsaid information and the right to decline to provide infmmation
61 Was notice provided to the individual prior to collection of information middot
NA- No notice is provided because no PII is collected from any individual by this application
62 Do individuals have the opportunity andor right to decline to provideinformation
NA- No PIT is collected from any individual by this application
63 Do individuals have the right to consent to particular uses of the information If so how does the individual exercise the right
NA- No PII is collected from any individual by this application
64 Privacy Impact Analysis Describe how notice is provided to individuals and how the risks associated with individuals being unaware ofthe collection are mitigated
bull
Notice does not need to be provided to individuals There is no risk that an individual would be unaware of collection because DQ PII is collected from any individual by this application
Section 70 Access Redress and Correction
The following questions are directed at an individuals ability to ensure the accuracy of the infonnation collected about them
71 What are the procedures that allow individuals to gain access to their information
NA- Applicable procedures to allow individuals to gain access to their information are maintained outside ofthe accreditation boundary othis application by Human Resources (HR) which is the source of the PII used by this application
72middot What are the procedures for correcting inaccurate or erroneous information
Page 10
Privacy Impact Assessment USDA Natwmiddotal Resource Conservation Service WebTCAS~--
NlA- Applicable procedures for correcting inaccurate or erroneous information are maintained outside ofthe accreditation boundary ofthis application by Human Resources (HR) which is the source ofthe PIT used by this application
73 How are individuals notified of the procedures for correcting their information
N A -Applicable notification is provided by Human Resources (HR) which is the source of the PIT used by this application
74 Ifno formal redress is provided what alternatives are available to the individual
NA-see 73
75 Privacy Impact Analysis Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated
Privacy risks associated with redress that is available to individuals are fully mitigated since individuals can use applicable HR procedures to update their original records in the HR source systems
Section 80 Technical Access and Security
The following questions are intended to describe teclmical safeguards and security measures
81 What procedures are in place to determine which users may access the system and are they documented
Access to the WebTCAS application is determined via a valid eAuthentication ID and password (level II) on a valid need to know basis determined by requirements to perform applicable official duties The application has documented Access Control Procedures in compliance with FISMA and USDA directives See Section 24
82 Will Department contractors have access to the system
No
83 Describe what privacy training is provided to users either generally or specifically relevant to the program or system
NRCS requires that every employee and contractor receives information security awareness training before being granted network and account access per General
Page 11
Privacy Impact Assessment Natural Resource Consenbullation Service WebTCAS
Manual Title 270 Part 409 -Logical Aceess ControI and Account Management Annual Security Awareness and Specialized Training are also required per FISMA and USDA policy and this training is tracked by USDA
84 Has Certification amp Accreditation been completed for the system or systems supporting the program
Yes Recertification in progress scheduled to be complete by 92013
85 What auditing measures and technical safeguards are in place to prevent misuse of data
NRCS complies with the Federal Information Security Management Act of2002 (FISMA) Assessment and Accreditation as well as atmual key control selfshyassessments and continuous monitoring procedures are implemented for this application per the requirements given in National Institute of Standards and Technology (NIST) Special Publication 800-53 Additionally NRCS complies with the specific securityrequirements for auditing measures and technical safeguards provided in OMB M-07-16 Finally the system provides technical safeguards to prevent misuse of data including
bull Confidentiality encryption is implemented to secure data at rest and in transit for this application (eg by FIPS 140-2 compliant HTTPS and end-user hard disk encryption)
bull Integrity Masking of applicable information is performed for this application (eg passwords are masked by eAuth)
bull middot Access Control The systems implements least privileges and need to know to control access to PII (eg by RBAC)
bull Authentication Access to the system and session timeout is implemented for this application (eg by eAuth and via multi-factor authentication for remote access)
bull Audit logging is implemented for this application (eg by logging infrastructure) bull Attack Mitigation The system implements security mechanisms such as input
validation
Notice For the privacy notice control please see Section 6 which addresses notice Formiddot the privacy redress control please see Section 7 which addresses redress
86 Privacy Impact Analysis Given the sensitivity and scope of the information collected as well as any information sharing conducted (Ill the system what privacy risks were identified and how do the security controls mitigate them
WebTCAS does not directly collect any PII from any individual but WebTCAS does utilize PII within the system which is obtained from HR and transmitted to NFC (see
Page 12
Privacy Impact Assessment Natural Resource Conservation Service WebTCAS
Section 10 above) Data extracts containing PII are not regularly obtained from the system therefore privacy risk from this area is limited and addressed through IT Data Extract processes controls
Any privacy risks identified in this system are mitigated by the security and privacy safeguards provided in Section 85 and by the security controls discussed in Section 24 above Remediation of privacy risks associated with internalexternal sharing are addressed in PIA Sections 4 and 5 respectively
Section 90 Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system including system hardware and other teclmology
91 What type of project is the program or system
This is a legacy application that is hosted on devices using common COTS hardware and software configured in accordance with USDA baseline configurations for servers and web portals
92 Does the project employ technology which may raise privacy concerns If so please discuss their implementation
No The project utilizes Agency approved technologies and these technology choices do not raise privacy concerns
Section 100 Third Party WebsitesApplications
The following questions are directed at critically analyzing the privacy impact ofusing third party websites andor applications
101 Has the System Owner (SO) andor Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22 Guidance for Online Use of Web Measurement and Customization Technology and M-10-23 Guidance for Agency Use of Third-Party Websites and Applications
Yes
102 What is the specific pmpose of the agencys use of3rd party websites andor applications
NA- 3rd party websites I applications are not used
Page 13
Privacy Impact Assessment USDA Natural Resource Conservation Service WebTCAS2 11 I
103 What personally identifiable information (PII) will become available through the agencys use of 3rd party websites andor applications
NlA- 3rd party websites I applications are not used
104 How will the PII that becomes available through the agencys use of 3rd party websites andor applications be used
NlA- 3rd party websites I applications are not used
105 How will the PII that becomes available through the agencys use of 3rd party websites andor applications be maintained and secured
NlA- 3rd party websites I applications are not used
106 Is the PH that becomes available through the agencys use of3rd party websites andor applications purged periodically
NIA- 3rd party websites I applications are not used
107 Who will have access to PII that becomes available through the agencys use of 3rd party websites andor applications
NlA- 3rd party websites I applications are not used
108 With whom wiD the PII that becomes available through the agencys use of 3rd party websites andor applications be shared - either internally or externally
NIA- 3rd party websites I applications are not used
109 Will the activities involving the PII that becomes available through the agencys use of 3rd party websites andor applications require either the creation or modification of a system of records notice (SORN)
NlA- 3rd party websites I applications are not used
1010 Does the system use web measurement and customization technology
No The system does not use web measurement and customization teclmology
Page 14
Privacy Impact Assessment Natural Resource Conservation Service 1VebTCAS
1011 Does the system allow users to either decline to opt-in or decide to opt-out of of all uses of web measurement and customization technology
NA- See 1010
1012 Privacy Impact Analysis Given the amount and type of PII that becomes available through the agencys use of 3rd party websites andor applications discuss the privacy risks identified and how they were mitigated
Privacy risks are nominal WebTCAS does not provide access or link to Third Party Applications In addition the system does not use web measurement andor customization technology
Responsible Officials
Digitally signed by Paige Niederer, Date: 2013.07.30 16:54:02 -06'00'
Paige Niederer, NRCS, United States Department of Agriculture
This signature certifies that the above PIA responses are provided to the best of my knowledge and understanding.
Approval Signature
Mr. Lian Jin, Acting Chief Information Security Officer, United States Department of Agriculture
This signature certifies that the PTA analysis and PIA determination due diligence has been conducted pursuant to Department guidance and NIST regulations.
deletion when the agency determines that this information is no longer needed for administrative, legal, audit, or other operational purposes.
3.2 Has the retention period been approved by the component records officer and the National Archives and Records Administration (NARA)?
Yes.
3.3 Privacy Impact Analysis: Please discuss the risks associated with the length of time data is retained and how those risks are mitigated.
The primary privacy risk is that a data breach could result in the release of time and attendance information associated with NRCS employees. This is mitigated by limited access to the data, non-portability of the data, and controlled storage of the data located in controlled facilities.
Retention of application-specific data is required to meet business and organizational requirements for this particular information system. The risks associated with retaining application-specific information are mitigated by the controls discussed above.
Section 4.0 Internal Sharing and Disclosure
The following questions are intended to define the scope of sharing within the United States Department of Agriculture.
4.1 With which internal organization(s) is the information shared, what information is shared, and for what purpose?
WebTCAS shares (receives) PII from the Human Resources (HR) database, which is maintained outside the accreditation boundary by HR. The employee name is the only type of HR PII that is maintained within WebTCAS.
WebTCAS automatically shares (transmits) the time and attendance data via batch process output to the NFC.
4.2 How is the information transmitted or disclosed?
Transmission of time and attendance data via batch process output to the NFC is accomplished via password-protected (encrypted) files that are sent over a dedicated line for security purposes. Passwords for connecting to NFC to enable transmitting the files are handled by the WebTCAS coordinators to ensure separation of duties (SOD).
4.3 Privacy Impact Analysis: Considering the extent of internal information sharing, discuss the privacy risks associated with the sharing and how they were mitigated.
Privacy risks are mitigated by ensuring that the sharing of sensitive PII with the NFC (which holds such data independently) is only performed by means of password-protected (encrypted) transmissions. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 5.0 External Sharing and Disclosure
The following questions are intended to define the content, scope, and authority for information sharing external to USDA, which includes Federal, state, and local government and the private sector.
5.1 With which external organization(s) is the information shared, what information is shared, and for what purpose?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
Note that WebTCAS does not share, disclose, or transmit any information to the IRS.
5.2 Is the sharing of personally identifiable information outside the Department compatible with the original collection? If so, is it covered by an appropriate routine use in a SORN? If so, please describe. If not, please describe under what legal mechanism the program or system is allowed to share the personally identifiable information outside of USDA.
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.3 How is the information shared outside the Department and what security measures safeguard its transmission?
N/A - PII is not shared or disclosed with organizations that are external to the USDA.
5.4 Privacy Impact Analysis: Given the external sharing, explain the privacy risks identified and describe how they were mitigated.
Privacy risks are mitigated by virtue of NOT sharing information external to the USDA. Any residual risks are mitigated by the controls discussed in Section 2.4 above.
Section 6.0 Notice
The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information.
6.1 Was notice provided to the individual prior to collection of information?
N/A - No notice is provided because no PII is collected from any individual by this application.
6.2 Do individuals have the opportunity and/or right to decline to provide information?
N/A - No PII is collected from any individual by this application.
6.3 Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right?
N/A - No PII is collected from any individual by this application.
6.4 Privacy Impact Analysis: Describe how notice is provided to individuals and how the risks associated with individuals being unaware of the collection are mitigated.
Notice does not need to be provided to individuals. There is no risk that an individual would be unaware of collection because no PII is collected from any individual by this application.
Section 7.0 Access, Redress and Correction
The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them.
7.1 What are the procedures that allow individuals to gain access to their information?
N/A - Applicable procedures to allow individuals to gain access to their information are maintained outside of the accreditation boundary of this application by Human Resources (HR), which is the source of the PII used by this application.
7.2 What are the procedures for correcting inaccurate or erroneous information?
N/A - Applicable procedures for correcting inaccurate or erroneous information are maintained outside of the accreditation boundary of this application by Human Resources (HR), which is the source of the PII used by this application.
7.3 How are individuals notified of the procedures for correcting their information?
N/A - Applicable notification is provided by Human Resources (HR), which is the source of the PII used by this application.
7.4 If no formal redress is provided, what alternatives are available to the individual?
N/A - See 7.3.
7.5 Privacy Impact Analysis: Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated.
Privacy risks associated with redress that is available to individuals are fully mitigated since individuals can use applicable HR procedures to update their original records in the HR source systems.
Section 8.0 Technical Access and Security
The following questions are intended to describe technical safeguards and security measures.
8.1 What procedures are in place to determine which users may access the system and are they documented?
Access to the WebTCAS application is determined via a valid eAuthentication ID and password (level II) on a valid need-to-know basis, determined by requirements to perform applicable official duties. The application has documented Access Control Procedures in compliance with FISMA and USDA directives. See Section 2.4.
8.2 Will Department contractors have access to the system?
No.
8.3 Describe what privacy training is provided to users either generally or specifically relevant to the program or system.
NRCS requires that every employee and contractor receives information security awareness training before being granted network and account access, per General Manual, Title 270, Part 409 - Logical Access Control and Account Management. Annual Security Awareness and Specialized Training are also required per FISMA and USDA policy, and this training is tracked by USDA.
8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?
Yes. Recertification in progress, scheduled to be complete by 9/2013.
8.5 What auditing measures and technical safeguards are in place to prevent misuse of data?
NRCS complies with the Federal Information Security Management Act of 2002 (FISMA). Assessment and Accreditation, as well as annual key control self-assessments and continuous monitoring procedures, are implemented for this application per the requirements given in National Institute of Standards and Technology (NIST) Special Publication 800-53. Additionally, NRCS complies with the specific security requirements for auditing measures and technical safeguards provided in OMB M-07-16. Finally, the system provides technical safeguards to prevent misuse of data, including:
• Confidentiality: encryption is implemented to secure data at rest and in transit for this application (e.g., by FIPS 140-2 compliant HTTPS and end-user hard disk encryption).
• Integrity: Masking of applicable information is performed for this application (e.g., passwords are masked by eAuth).
• Access Control: The system implements least privileges and need to know to control access to PII (e.g., by RBAC).
• Authentication: Access to the system and session timeout is implemented for this application (e.g., by eAuth and via multi-factor authentication for remote access).
• Audit: logging is implemented for this application (e.g., by logging infrastructure).
• Attack Mitigation: The system implements security mechanisms such as input validation.
Notice: For the privacy notice control, please see Section 6, which addresses notice. For the privacy redress control, please see Section 7, which addresses redress.
8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?
WebTCAS does not directly collect any PII from any individual, but WebTCAS does utilize PII within the system, which is obtained from HR and transmitted to NFC (see Section 1.0 above). Data extracts containing PII are not regularly obtained from the system; therefore, privacy risk from this area is limited and addressed through IT Data Extract processes controls.
Any privacy risks identified in this system are mitigated by the security and privacy safeguards provided in Section 8.5 and by the security controls discussed in Section 2.4 above. Remediation of privacy risks associated with internal/external sharing are addressed in PIA Sections 4 and 5, respectively.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware and other technology.
9.1 What type of project is the program or system?
This is a legacy application that is hosted on devices using common COTS hardware and software configured in accordance with USDA baseline configurations for servers and web portals.
9.2 Does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.
No. The project utilizes Agency approved technologies, and these technology choices do not raise privacy concerns.
Section 10.0 Third Party Websites/Applications
The following questions are directed at critically analyzing the privacy impact of using third party websites and/or applications.
10.1 Has the System Owner (SO) and/or Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22 "Guidance for Online Use of Web Measurement and Customization Technology" and M-10-23 "Guidance for Agency Use of Third-Party Websites and Applications"?
Yes.
10.2 What is the specific purpose of the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
Privacy Impact Assessment Natural Resowmiddotce Conservation Service WebTCAS
Section 60 Notice
The following questions are directed at notice to the individual ofthe scope of information collected the right to consent to uses ofsaid information and the right to decline to provide infmmation
61 Was notice provided to the individual prior to collection of information middot
NA- No notice is provided because no PII is collected from any individual by this application
62 Do individuals have the opportunity andor right to decline to provideinformation
NA- No PIT is collected from any individual by this application
63 Do individuals have the right to consent to particular uses of the information If so how does the individual exercise the right
NA- No PII is collected from any individual by this application
64 Privacy Impact Analysis Describe how notice is provided to individuals and how the risks associated with individuals being unaware ofthe collection are mitigated
bull
Notice does not need to be provided to individuals There is no risk that an individual would be unaware of collection because DQ PII is collected from any individual by this application
Section 70 Access Redress and Correction
The following questions are directed at an individuals ability to ensure the accuracy of the infonnation collected about them
71 What are the procedures that allow individuals to gain access to their information
NA- Applicable procedures to allow individuals to gain access to their information are maintained outside ofthe accreditation boundary othis application by Human Resources (HR) which is the source of the PII used by this application
72middot What are the procedures for correcting inaccurate or erroneous information
Page 10
Privacy Impact Assessment USDA Natwmiddotal Resource Conservation Service WebTCAS~--
NlA- Applicable procedures for correcting inaccurate or erroneous information are maintained outside ofthe accreditation boundary ofthis application by Human Resources (HR) which is the source ofthe PIT used by this application
73 How are individuals notified of the procedures for correcting their information
N A -Applicable notification is provided by Human Resources (HR) which is the source of the PIT used by this application
74 Ifno formal redress is provided what alternatives are available to the individual
NA-see 73
75 Privacy Impact Analysis Please discuss the privacy risks associated with the redress available to individuals and how those risks are mitigated
Privacy risks associated with redress that is available to individuals are fully mitigated since individuals can use applicable HR procedures to update their original records in the HR source systems
Section 80 Technical Access and Security
The following questions are intended to describe teclmical safeguards and security measures
81 What procedures are in place to determine which users may access the system and are they documented
Access to the WebTCAS application is determined via a valid eAuthentication ID and password (level II) on a valid need to know basis determined by requirements to perform applicable official duties The application has documented Access Control Procedures in compliance with FISMA and USDA directives See Section 24
82 Will Department contractors have access to the system
No
83 Describe what privacy training is provided to users either generally or specifically relevant to the program or system
NRCS requires that every employee and contractor receives information security awareness training before being granted network and account access per General
Page 11
Privacy Impact Assessment Natural Resource Consenbullation Service WebTCAS
Manual Title 270 Part 409 -Logical Aceess ControI and Account Management Annual Security Awareness and Specialized Training are also required per FISMA and USDA policy and this training is tracked by USDA
8.4 Has Certification & Accreditation been completed for the system or systems supporting the program?
Yes. Recertification in progress, scheduled to be complete by 92013.
8.5 What auditing measures and technical safeguards are in place to prevent misuse of data?
NRCS complies with the Federal Information Security Management Act of 2002 (FISMA). Assessment and Accreditation, as well as annual key control self-assessments and continuous monitoring procedures, are implemented for this application per the requirements given in National Institute of Standards and Technology (NIST) Special Publication 800-53. Additionally, NRCS complies with the specific security requirements for auditing measures and technical safeguards provided in OMB M-07-16. Finally, the system provides technical safeguards to prevent misuse of data, including:
• Confidentiality: Encryption is implemented to secure data at rest and in transit for this application (e.g., by FIPS 140-2 compliant HTTPS and end-user hard disk encryption).
• Integrity: Masking of applicable information is performed for this application (e.g., passwords are masked by eAuth).
• Access Control: The system implements least privileges and need to know to control access to PII (e.g., by RBAC).
• Authentication: Access to the system and session timeout is implemented for this application (e.g., by eAuth and via multi-factor authentication for remote access).
• Audit: Logging is implemented for this application (e.g., by logging infrastructure).
• Attack Mitigation: The system implements security mechanisms such as input validation.
Notice: For the privacy notice control, please see Section 6, which addresses notice. For the privacy redress control, please see Section 7, which addresses redress.
8.6 Privacy Impact Analysis: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them?
WebTCAS does not directly collect any PII from any individual, but WebTCAS does utilize PII within the system, which is obtained from HR and transmitted to NFC (see Section 1.0 above). Data extracts containing PII are not regularly obtained from the system; therefore, privacy risk from this area is limited and addressed through IT Data Extract processes controls.
Any privacy risks identified in this system are mitigated by the security and privacy safeguards provided in Section 8.5 and by the security controls discussed in Section 2.4 above. Remediation of privacy risks associated with internal/external sharing are addressed in PIA Sections 4 and 5, respectively.
Section 9.0 Technology
The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware and other technology.
9.1 What type of project is the program or system?
This is a legacy application that is hosted on devices using common COTS hardware and software configured in accordance with USDA baseline configurations for servers and web portals.
9.2 Does the project employ technology which may raise privacy concerns? If so, please discuss their implementation.
No. The project utilizes Agency approved technologies, and these technology choices do not raise privacy concerns.
Section 10.0 Third Party Websites/Applications
The following questions are directed at critically analyzing the privacy impact of using third party websites and/or applications.
10.1 Has the System Owner (SO) and/or Information Systems Security Program Manager (ISSPM) reviewed Office of Management and Budget (OMB) memorandums M-10-22 "Guidance for Online Use of Web Measurement and Customization Technology" and M-10-23 "Guidance for Agency Use of Third-Party Websites and Applications"?
Yes.
10.2 What is the specific purpose of the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.3 What personally identifiable information (PII) will become available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.4 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be used?
N/A - 3rd party websites / applications are not used.
10.5 How will the PII that becomes available through the agency's use of 3rd party websites and/or applications be maintained and secured?
N/A - 3rd party websites / applications are not used.
10.6 Is the PII that becomes available through the agency's use of 3rd party websites and/or applications purged periodically?
N/A - 3rd party websites / applications are not used.
10.7 Who will have access to PII that becomes available through the agency's use of 3rd party websites and/or applications?
N/A - 3rd party websites / applications are not used.
10.8 With whom will the PII that becomes available through the agency's use of 3rd party websites and/or applications be shared - either internally or externally?
N/A - 3rd party websites / applications are not used.
10.9 Will the activities involving the PII that becomes available through the agency's use of 3rd party websites and/or applications require either the creation or modification of a system of records notice (SORN)?
N/A - 3rd party websites / applications are not used.
10.10 Does the system use web measurement and customization technology?
No. The system does not use web measurement and customization technology.
10.11 Does the system allow users to either decline to opt-in or decide to opt-out of all uses of web measurement and customization technology?
N/A - See 10.10.
10.12 Privacy Impact Analysis: Given the amount and type of PII that becomes available through the agency's use of 3rd party websites and/or applications, discuss the privacy risks identified and how they were mitigated.
Privacy risks are nominal. WebTCAS does not provide access or link to Third Party Applications. In addition, the system does not use web measurement and/or customization technology.
Responsible Officials
Paige Niederer, NRCS, United States Department of Agriculture
Digitally signed, Date: 2013.07.30 16:54:02 -06:00
This signature certifies that the above PIA responses are provided to the best of my knowledge and understanding.
Approval Signature
Mr. Lian Jin, Acting Chief Information Security Officer, United States Department of Agriculture
This signature certifies that the PTA analysis and PIA determination due diligence has been conducted pursuant to Department guidance and NIST regulations.